Since the last update (f version) I get a lot of 'file.....cannot be opened for writing' - then I'm skipping and the problem either goes away or continues! Sometimes, in spite of the warning, the tag is written correctly but most of the times I repeat the process for the individual files until everything is done! If it's a bug, please fix it as soon as possible - if I'm doing something wrong, please advise!
PS - I switched to the previous version - problem solved!
Thanks for reporting!
Which file types are you using when you get the error message? Also, are the file located on a NAS or a Cloud-synced drive. Are there any programs you're aware of, that are also accessing the files?
Kind regards
– Florian
I was particularly careful to leave the files outside of ANY program's reach during the tagging process! The files are located on my main HHD (disk C:)! Types of files: mp3 & flac - the problem is persistent, maybe some other users noticed it too, because I believe it's rather easy to reproduce (when you test it, you better prefer batch tagging).
Thanks!
This might be the case in your setup, but I wasn't able to reproduce it during my tests.
Do you have any program running that accesses those files, e.g., a virus scanner and indexing program or simply a music player? I'm asking not with the intention that you stop using this program, but to gather more information on how to reproduce it.
Kind regards
- Florian
After your last answer, I decided to give this version one more try! So I installed it (version f) and tried to edit the track tags of an album (i.e. change of album title - change enumeration format - add album art). I copied the audio folder in three different sub-folders on my HDD to perform the test and I did not permit any other program to interfere (i.e. my audio player, my library database etc.)
I received no error warnings during album rename & track enumeration but...when adding the album art image, I got an error message on the 12th track (13 tracks total): ".....cannot be opened for writing" Do you want to continue? I clicked 'yes' and there was no album art on the 12th track! I re-selected everything (all tracks, even those that had the album art properly recorded) and...everything OK, the 12th track obtained the cover art without any problem or error message!
I repeated the exact same process for the same album in the other sub-folder and ... I had the exact same results (problem in track 12th - skipping - repeating the process and success)!
I installed version e, opened the third sub-folder with the same album and faithfully repeated the process - no problems at all whatsoever, everything completed OK!
PS This behavior is somewhat similar to what (sometimes) I get when trying to rename the audio containing folder in 'artist - album' format by using 'actions'! There are times when I get a similar message (something like: folder not found) but in this case by clicking retry everything turns out OK - and that's the reason I haven't reported it as a problem!
The description of this error looks like that of earlier reports where files were blocked by the OS.
It could even be Windows Explorer, that tries to update its thumbs.db when thumbnails should be displayed, esp. when you update the covers.
So how did you open the files? Via the Explorer shell extension? By Drag&Drop? Or from within MP3tag and no Explorer window open in the folder with the editted files?
Why it is always track 11 or something? Don't know, perhaps it is the hdd cache?
Re-Test:
I Install version f - Conditions: No program interfering - Loading from Dopus (explorer replacement)
- Album 1 - mp3
- add track titles from file names - OK
- Modifying Artist name & Album title OK
- Adding art - Problems in tracks 5 & 7
- Repeat adding art - OK
- Album 2 - mp3
- Enumerating tracks - Problems in 3 tracks (skipping)
- Re-enumerating - OK
- Adding art - Problems in 3 tracks (the same tracks)
- Re-adding art - OK
I install version e - Conditions (EXACTLY the same): No program interfering - Loading from Dopus (explorer replacement)
No problems at all in tagging both albums!!! Everything runs smoothly and flawlessly!
Attachment 7095 not found.
I think I'll stay with version e!
Thanks!
This is not quite what I meant.
Even though you use a WIndows Explorer substitute, this substitute still looks at the same folder (and files) as MP3tag does when editing.
Also: the errors appear when you start adding covers.
I bet that the original padding is not sufficient so that a temporary file has to be created, the older one deleted and the new one renamed.
But when the explorer gets the trigger that something happens in the open folder, it tries to update the information of the files and locks them ... while MP3tag comes along and tries to access one or more of the locked files - which leads to the observed behaviour.
What I would like you to test:
open the files from within MP3tag with the File>Open folder function (or its equivalent in the toolbar) but leave the explorer or its substitute closed.
I hope that you can now write all the files.
Test 2
Shutdown explorer replacement (even the resident portion from memory) - no file explorer active - isolate process from every other program - loading tracks & tagging straight with mp3tag
Install f version:
- Album 1
- Enumerating - OK
- Art - Error in one track
- Repeating the process - OK
- Album 2
- Enumerating - OK
- Art - OK
- Album 3
- Inserting track titles - OK
- Art - OK
- Album 4
- Inserting track titles - 5 errors
- Repeating the process - OK
- Inserting Artist & Album - OK
- Art - 5 errors
- Repeating the process - OK
Install e version:
Repeat the process - No problems at all!
With e version installed:
Repeat the process (this time with explorer replacement active) - loading tracks & tagging straight with mp3tag - No problems at all!
With e version installed:
Repeat the process by loading the files from the explorer replacement - No problems at all!
There is definitely something different between the two versions!
Thanks! (I'm keeping version e)
I am not sure: have you read the release information for version f:
FIX: attempting to write tags to larger files that are locked by other processes left only temporary file in some cases
The fix is a longer timeout while writing.
And to be quite honest: I am using version f and had not a single locked / blocked file.
The fix was intended to make things better.
But apparently on your system, it does not work and/or the workflow still has the odd program (even in the background like an indexer) looking at the files - not very quickly so it works with the version without the longer timeout but it still looks.
This is my attempt to explain it. I could be wrong, naturally.
I believe that where productivity is of importance, the use of (an) explorer is necessary - it's time-consuming to use mp3tag to open folders! It's also difficult to explain why with THE EXACT SIMILAR conditions one version works flawlessly and the other falls short! I had no problems with any version of mp3tag until now, and the program has become a vital piece of my audio editing software - so, hopefully there will be a new and better version or else I'm sticking to version e!
Thanks anyway!
How big are those files that are giving the error message? Can you please try again and use Handle.exe to check which process is locking those files?
Kind regards
– Florian
Please, review the changes you brought to the program after vesion e! Unfortunately, version g behaves the same way as version f! I have re-installed the stable version 2.83 and I found no problems at all! I even installed version d and ... the same: no problems under ANY circumstances! Every version works for me without any problems until version f! You've must been done something with the code, there is no other explanation
Thanks!
Yes. Of course, I've done something with the code
It would be great if you could answer my questions from yesterday.
Kind regards
– Florian
Same error here since "f" and now also with "g". This happens with any mp3. On windows 7 for sure and I think windows 10.
I have reverted to "e" and everything works as expected.
No time to get into this too deep, I'm just confirming what the OP has reported. I only get online a couple time a week so hopefully next time I'll be able to add something more useful to the topic.
That would be helpful. I'm particularly interested in
- Which file types are giving the problem (MP3, MP4, FLAC, ...)
- Which file size do those files have
- Are there any programs that are accessing the files
- What does Handle.exe show
After last time I was here I forgot to re-download the latest beta.
I'll hopefully have something useful to report on Monday.
I've just released Mp3tag v2.83h Development Build. Please let me know, if this fixes the issue for you.
Kind regards
– Florian
First impressions from version h (with some reservations for further testing): problem seems to be solved!
Update: Problem definitely solved! Thanks
I'll try this later when I get home. Thank you very much Florian!
I'll still post my results from "g" below because there was some effort involved:
Which file types are giving the problem (MP3, MP4, FLAC, ...)
Which file size do those files have
Are there any programs that are accessing the files
What does Handle.exe show
Seems to occur ONLY with mp3 files in excess of 16 MB.
This con happen when adding tags (but does not occur after tags have been added),
removing/adding graphics or clearing tags.
Unlike the OP, I have not encountered an error when editing any FLAC file.
This applies to M4A,MP4 and APE as well.
I get the same behavior on both Win 7/10.
I thought it might be a conflict using a thumbnail handler but after disabling
and a reboot this made no difference. Terminating all non-native processes
also had no effect.
Handles shown are from Mp3tag giving error when attempting to add graphics.
--------------------------------------------------------------------
System pid: 4 \<unable to open process>
74: File (---) C:\Windows\System32\config\SOFTWARE.LOG2
80: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
84: File (---) \Device\Mup
88: File (R--) C:\Windows\System32\config\TxR\{3f4dd8c9-253c-11e5-9f64-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
8C: File (R-D) C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.001
94: File (---) C:\Windows\System32\config\SYSTEM.LOG1
98: File (---) C:\Windows\System32\config\system
A4: File (---) C:\Boot\BCD.LOG
A8: File (RWD) \clfs
AC: File (RW-) \clfs
B0: File (RWD) C:\$Extend\$RmMetadata\$Txf
B4: File (---) C:\Windows\System32\config\software
B8: File (R--) C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001
BC: File (R--) C:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf
C0: File (R--) \clfs
C4: File (RWD) \clfs
C8: File (RWD) \clfs
CC: File (RWD) C:\$Extend\$RmMetadata\$TxfLog
10C: File (---) C:\Windows\System32\config\RegBack\SYSTEM
134: File (R--) C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002
13C: File (---) C:\Boot\BCD
14C: File (---) C:\Windows\System32\config\SOFTWARE.LOG1
150: File (R--) C:\Windows\System32\config\TxR\{3f4dd8c9-253c-11e5-9f64-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
154: File (---) C:\Windows\System32\config\SYSTEM.LOG2
158: File (R--) C:\Windows\System32\config\TxR\{3f4dd8c9-253c-11e5-9f64-806e6f6e6963}.TM.blf
15C: File (RW-) \clfs
160: File (RWD) \clfs
170: File (---) C:\Windows\System32\config\RegBack\SOFTWARE
18C: File (R-D) C:\Windows\System32\wfp\wfpdiag.etl
190: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
194: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
198: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
19C: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
1D4: File (---) C:\Windows\System32\config\default
1D8: File (---) C:\Windows\System32\config\DEFAULT.LOG2
1DC: Section \Win32kCrossSessionGlobals
1EC: File (---) C:\Windows\System32\config\RegBack\DEFAULT
1F0: File (---) C:\Windows\System32\config\DEFAULT.LOG1
210: File (R--) U:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001
218: File (R--) U:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf
21C: File (R--) U:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002
220: File (RWD) \clfs
224: File (R--) \clfs
228: File (RWD) U:\$Extend\$RmMetadata\$Txf
22C: File (RWD) \clfs
230: File (RWD) \clfs
234: File (RW-) \clfs
244: File (R-D) C:\Windows\ehome\WTVGOTHIC-S.ttc
254: File (R-D) C:\Windows\System32\en-US\win32k.sys.mui
258: File (R-D) C:\Windows\ehome\malgunmc.ttf
280: File (R-D) C:\Windows\ehome\WTVGOTHIC-S.ttc
284: File (R-D) C:\Windows\ehome\malgunmc.ttf
294: File (---) C:\Windows\System32\config\RegBack\SECURITY
2A0: File (---) C:\Windows\System32\config\security
2A4: File (---) C:\Windows\System32\config\SECURITY.LOG1
2A8: File (---) C:\Windows\System32\config\SECURITY.LOG2
2B8: File (---) C:\Windows\System32\config\SAM.LOG1
2BC: File (---) C:\Windows\System32\config\SAM.LOG2
2C0: File (---) C:\Windows\System32\config\sam
2C4: File (---) C:\Windows\System32\config\RegBack\SAM
2F0: File (---) C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
2F4: File (---) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1
2F8: File (---) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2
2FC: File (R--) C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{44887beb-7ed8-11e7-a2b5-806e6f6e6963}.TM.blf
304: File (R--) C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{44887beb-7ed8-11e7-a2b5-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
30C: File (R--) C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{44887beb-7ed8-11e7-a2b5-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
310: File (RWD) \clfs
314: File (RW-) \clfs
338: File (---) C:\Windows\ServiceProfiles\LocalService\ntuser.dat
33C: File (---) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2
340: File (---) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1
344: File (R--) C:\Windows\ServiceProfiles\LocalService\ntuser.dat{44887bef-7ed8-11e7-a2b5-1c6f65ca7cf0}.TM.blf
348: File (R--) C:\Windows\ServiceProfiles\LocalService\ntuser.dat{44887bef-7ed8-11e7-a2b5-1c6f65ca7cf0}.TMContainer00000000000000000001.regtrans-ms
34C: File (R--) C:\Windows\ServiceProfiles\LocalService\ntuser.dat{44887bef-7ed8-11e7-a2b5-1c6f65ca7cf0}.TMContainer00000000000000000002.regtrans-ms
354: File (RWD) \clfs
358: File (RW-) \clfs
388: File (RW-) C:\Windows\CSC
38C: File (RWD) C:\Windows\CSC\v2.0.6\temp
39C: File (RW-) C:\Windows\CSC\v2.0.6
3A0: File (RWD) C:\Windows\CSC\v2.0.6\pq
3AC: File (RW-) C:\Windows\CSC\v2.0.6\namespace
458: File (RWD) \clfs
474: File (R--) \clfs
480: File (RWD) \clfs
484: File (RWD) \clfs
488: File (RW-) \clfs
4C8: File (---) \Device\Mup
4E0: File (---) \Device\Mup
520: File (RW-) \clfs
524: File (RWD) A:\$Extend\$RmMetadata\$Txf
528: File (R--) A:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf
52C: File (R--) \clfs
530: File (RWD) \clfs
534: File (RWD) \clfs
538: File (R--) A:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002
53C: File (R--) A:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001
540: File (RWD) \clfs
5E0: File (RWD) \clfs
600: File (RW-) \clfs
628: File (R--) C:\Users\Nighted\ntuser.dat{3f4dd8d7-253c-11e5-9f64-cb21aa5b474a}.TM.blf
664: File (---) C:\Users\Nighted\ntuser.dat.LOG1
678: File (R--) C:\Users\Nighted\ntuser.dat{3f4dd8d7-253c-11e5-9f64-cb21aa5b474a}.TMContainer00000000000000000002.regtrans-ms
6C8: File (---) C:\Users\Nighted\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
6F0: File (R--) C:\Users\Nighted\AppData\Local\Microsoft\Windows\UsrClass.dat{1f1be474-4704-11e7-919c-c1a10d247a30}.TM.blf
704: File (---) C:\Users\Nighted\AppData\Local\Microsoft\Windows\UsrClass.dat
710: File (---) C:\Users\Nighted\ntuser.dat.LOG2
730: File (RW-) \clfs
738: File (RWD) \clfs
748: File (---) C:\Users\Nighted\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
758: File (R--) C:\Users\Nighted\AppData\Local\Microsoft\Windows\UsrClass.dat{1f1be474-4704-11e7-919c-c1a10d247a30}.TMContainer00000000000000000001.regtrans-ms
760: File (R--) C:\Users\Nighted\AppData\Local\Microsoft\Windows\UsrClass.dat{1f1be474-4704-11e7-919c-c1a10d247a30}.TMContainer00000000000000000002.regtrans-ms
7B0: File (R--) C:\Users\Nighted\ntuser.dat{3f4dd8d7-253c-11e5-9f64-cb21aa5b474a}.TMContainer00000000000000000001.regtrans-ms
7D4: File (---) C:\Users\Nighted\ntuser.dat
88C: File (R--) C:\Windows\System32\config\TxR\{3f4dd8c8-253c-11e5-9f64-806e6f6e6963}.TxR.2.regtrans-ms
960: File (R--) C:\Windows\System32\config\TxR\{3f4dd8c8-253c-11e5-9f64-806e6f6e6963}.TxR.1.regtrans-ms
984: File (R--) C:\Windows\System32\config\TxR\{3f4dd8c8-253c-11e5-9f64-806e6f6e6963}.TxR.blf
9C4: File (R--) C:\Windows\System32\config\TxR\{3f4dd8c8-253c-11e5-9f64-806e6f6e6963}.TxR.0.regtrans-ms
9D8: File (---) \clfs
F08: File (---) C:\System Volume Information\{0deaa1dc-8084-11e7-b110-1c6f65ca7cf0}{3808876b-c176-4e48-b7ae-04046e6cc752}
F5C: File (---) C:\System Volume Information\Syscache.hve
1178: File (---) C:\System Volume Information\Syscache.hve.LOG1
15B0: File (---) C:\System Volume Information\Syscache.hve.LOG2
1670: File (---) C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
1680: File (---) C:\Windows\bootstat.dat
------------------------------------------------------------------------------
smss.exe pid: 312 NT AUTHORITY\SYSTEM
4: File (RW-) C:\Windows
------------------------------------------------------------------------------
csrss.exe pid: 508 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
2C: Section \Windows\SharedSection
3C: File (R-D) C:\Windows\System32\en-US\csrss.exe.mui
54: File (R-D) C:\Windows\System32\en-US\winsrv.dll.mui
------------------------------------------------------------------------------
wininit.exe pid: 596 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
A4: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
------------------------------------------------------------------------------
csrss.exe pid: 620 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
2C: Section \Sessions\1\Windows\SharedSection
1CC: File (R-D) C:\Windows\System32\en-US\winsrv.dll.mui
------------------------------------------------------------------------------
services.exe pid: 652 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
48: File (R-D) C:\Windows\System32\en-US\services.exe.mui
------------------------------------------------------------------------------
lsass.exe pid: 676 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
60: Section \BaseNamedObjects\Debug.Memory.v2.2a4
8C: Section \LsaPerformance
124: File (R-D) C:\Windows\System32\en-US\lsasrv.dll.mui
1FC: Section \BaseNamedObjects\Debug.Trace.Memory.2a4
2E8: File (RW-) C:\Windows\debug\PASSWD.LOG
8D0: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Credentials
8D8: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Credentials
9F0: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui
------------------------------------------------------------------------------
lsm.exe pid: 688 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
208: File (R-D) C:\Windows\System32\en-US\lsm.exe.mui
------------------------------------------------------------------------------
svchost.exe pid: 792 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
9C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
320: File (R-D) C:\Windows\System32\en-US\umpnpmgr.dll.mui
36C: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
3FC: Section \BaseNamedObjects\RotHintTable
48C: Section \BaseNamedObjects\__ComCatalogCache__
4C8: Section \BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
4F0: Section \BaseNamedObjects\__ComCatalogCache__
504: Section \BaseNamedObjects\__ComCatalogCache__
544: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
nvvsvc.exe pid: 852 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
7C: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
F8: Section \BaseNamedObjects\__ComCatalogCache__
178: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
svchost.exe pid: 892 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\Windows\System32
1B0: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
1E8: File (R-D) C:\Windows\System32\en-US\wship6.dll.mui
1EC: File (R-D) C:\Windows\System32\en-US\wshtcpip.dll.mui
250: Section \BaseNamedObjects\__ComCatalogCache__
280: Section \BaseNamedObjects\__ComCatalogCache__
458: Section \BaseNamedObjects\RotHintTable
------------------------------------------------------------------------------
svchost.exe pid: 952 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
34: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
158: File (---) C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
15C: File (---) C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
1DC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
1E0: File (R--) C:\Windows\System32\winevt\Logs\System.evtx
204: File (R--) C:\Windows\System32\winevt\Logs\Application.evtx
218: File (R--) C:\Windows\System32\winevt\Logs\Security.evtx
224: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
22C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
248: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
24C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
254: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
25C: File (R--) C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx
278: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
2B0: Section \BaseNamedObjects\__ComCatalogCache__
2B8: Section \BaseNamedObjects\__ComCatalogCache__
2D8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
2DC: File (R--) C:\Windows\System32\winevt\Logs\Media Center.evtx
2E8: File (R--) C:\Windows\System32\winevt\Logs\Internet Explorer.evtx
2EC: File (R--) C:\Windows\System32\winevt\Logs\Key Management Service.evtx
2F4: File (R--) C:\Windows\System32\winevt\Logs\HardwareEvents.evtx
32C: Section \BaseNamedObjects\mmGlobalPnpInfo
4E8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
4F4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
508: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
518: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
530: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
53C: File (R--) C:\Windows\System32\winevt\Logs\Setup.evtx
540: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
544: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx
548: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
54C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx
550: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx
554: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx
568: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
56C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
5A0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx
5C0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx
5F8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
63C: File (RW-) C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log
640: Section \BaseNamedObjects\windows_shell_global_counters
64C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
680: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
6D0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
6D4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
6F0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
6F8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
6FC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
728: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
740: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx
77C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx
7D0: File (R-D) C:\Windows\System32\en-US\wshtcpip.dll.mui
------------------------------------------------------------------------------
svchost.exe pid: 984 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
34: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
FC: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
134: Section \BaseNamedObjects\__ComCatalogCache__
138: Section \BaseNamedObjects\__ComCatalogCache__
318: File (RWD) \Device\Mup\.\.
354: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
4F8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
70C: File (R--) C:\System Volume Information\tracking.log
71C: File (RWD) C:\$Extend\$ObjId
728: File (RWD) U:\$Extend\$ObjId
72C: File (R--) U:\System Volume Information\tracking.log
954: File (R-D) C:\Windows\System32\en-US\sysmain.dll.mui
9FC: File (R-D) C:\Windows\System32\en-US\rasdlg.dll.mui
A38: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
svchost.exe pid: 1012 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
34: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
F0: File (R-D) C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat
124: File (RWD) C:\Windows\Fonts
188: Section \BaseNamedObjects\__ComCatalogCache__
190: File (R-D) C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat
250: Section \BaseNamedObjects\__ComCatalogCache__
264: File (R-D) C:\Windows\System32\en-US\netprofm.dll.mui
438: File (R-D) C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-1513977689-1027862086-2876798954-1000.dat
------------------------------------------------------------------------------
svchost.exe pid: 144 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
34: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
190: Section \BaseNamedObjects\__ComCatalogCache__
1DC: Section \BaseNamedObjects\SENS Information Cache
230: Section \BaseNamedObjects\__ComCatalogCache__
2E4: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
384: File (R-D) C:\Windows\System32\en-US\taskcomp.dll.mui
388: File (R--) C:\Windows\Tasks\SCHEDLGU.TXT
38C: File (R-D) C:\Windows\System32\en-US\schedsvc.dll.mui
3AC: File (RW-) C:\Windows\Tasks
438: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
468: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0000000000000088.db
470: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
474: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
478: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui
47C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0000000000000002.db
4E4: File (R-D) C:\Windows\System32\en-US\wship6.dll.mui
4F0: File (R-D) C:\Windows\System32\en-US\wshtcpip.dll.mui
6CC: File (RWD) C:\Windows\System32\wbem\MOF
8AC: Section \BaseNamedObjects\SqmData_FwtSqmSession101457921_S-1-5-18
8C8: File (R-D) C:\Windows\System32\en-US\vsstrace.dll.mui
8F0: File (R--) C:\Windows\SoftwareDistribution\ReportingEvents.log
A1C: File (R--) C:\Windows\System32\wbem\repository\MAPPING1.MAP
A20: File (R--) C:\Windows\System32\wbem\repository\MAPPING2.MAP
A24: File (R--) C:\Windows\System32\wbem\repository\MAPPING3.MAP
A28: File (R--) C:\Windows\System32\wbem\repository\OBJECTS.DATA
A2C: File (R--) C:\Windows\System32\wbem\repository\INDEX.BTR
A98: Section \BaseNamedObjects\Wmi Provider Sub System Counters
C2C: File (R-D) C:\Windows\System32\en-US\FirewallAPI.dll.mui
C70: File (R-D) C:\Windows\System32\en-US\wuaueng.dll.mui
DF8: File (RW-) C:\Windows\WindowsUpdate.log
E28: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
1168: Section \BaseNamedObjects\RotHintTable
------------------------------------------------------------------------------
svchost.exe pid: 876 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
34: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
124: Section \BaseNamedObjects\__ComCatalogCache__
1A4: File (R-D) C:\Windows\System32\en-US\gpsvc.dll.mui
1F4: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
svchost.exe pid: 1292 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\Windows\System32
34: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
140: File (RWD) C:\Windows\System32\drivers\etc
204: File (---) \Device\Mup
2BC: File (R-D) C:\Windows\System32\en-US\vsstrace.dll.mui
2F4: Section \BaseNamedObjects\__ComCatalogCache__
2F8: Section \BaseNamedObjects\__ComCatalogCache__
3D0: File (---) C:\Windows\System32\catroot2\edb.log
558: File (---) C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
570: File (---) C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
5CC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
------------------------------------------------------------------------------
winlogon.exe pid: 1344 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
B8: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
------------------------------------------------------------------------------
spoolsv.exe pid: 1528 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
30: File (R-D) C:\Windows\System32\en-US\spoolsv.exe.mui
68: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
1DC: Section \BaseNamedObjects\__ComCatalogCache__
1E8: Section \BaseNamedObjects\__ComCatalogCache__
278: File (R-D) C:\Windows\System32\en-US\localspl.dll.mui
340: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
3B4: File (R-D) C:\Windows\System32\en-US\WSDMon.dll.mui
4B4: File (R-D) C:\Windows\System32\en-US\inetpp.dll.mui
4BC: File (R-D) C:\Windows\System32\en-US\win32spl.dll.mui
------------------------------------------------------------------------------
svchost.exe pid: 1564 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
34: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
11C: File (R-D) C:\Windows\System32\en-US\bfe.dll.mui
1F0: File (R-D) C:\Windows\System32\en-US\FirewallAPI.dll.mui
380: Section \BaseNamedObjects\__ComCatalogCache__
388: Section \BaseNamedObjects\__ComCatalogCache__
4A4: Section \...\ASqmManifestVersion
------------------------------------------------------------------------------
imdsksvc.exe pid: 1736 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
------------------------------------------------------------------------------
nvxdsync.exe pid: 1796 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
7C: Section \BaseNamedObjects\__ComCatalogCache__
13C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283f
d671e9bf4d
140: Section \BaseNamedObjects\__ComCatalogCache__
144: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df
1B0: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
320: File (R-D) C:\Windows\Fonts\StaticCache.dat
328: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
394: Section \Sessions\1\BaseNamedObjects\SMARTMAX_Shared_Memory
------------------------------------------------------------------------------
nvvsvc.exe pid: 1808 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
7C: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
B4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1D4: Section \BaseNamedObjects\__ComCatalogCache__
1E0: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
WUDFHost.exe pid: 2972 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
3C: File (R-D) C:\Windows\System32\en-US\WUDFHost.exe.mui
68: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
240: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283f
d671e9bf4d
264: Section \BaseNamedObjects\__ComCatalogCache__
2EC: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
IAStorDataMgrSvc.exe pid: 2620 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
A0: Section \BaseNamedObjects\Cor_Private_IPCBlock_v4_2620
A4: Section \...\Cor_SxSPublic_IPCBlock
21C: File (R--) C:\Windows\assembly\pubpol4.dat
23C: Section \BaseNamedObjects\net.pipe:EbmV0LnBpcGU6Ly8rL1BVQkxJU0hFUi8=
29C: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgr.dll
2A0: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUtil.dll
2D8: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorCommon.dll
338: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\PSI.dll
350: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvcInterfaces.dll
378: Section \BaseNamedObjects\__ComCatalogCache__
384: Section \BaseNamedObjects\__ComCatalogCache__
408: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorViewModel.dll
40C: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\PSIClient.dll
414: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
42C: File (R-D) C:\Windows\SysWOW64\en-US\setupapi.dll.mui
488: Section \BaseNamedObjects\UrlZonesSM_ENTERPRISE$
4A8: Section \BaseNamedObjects\windows_shell_global_counters
4F8: Section \BaseNamedObjects\netfxcustomperfcounters.1.0intel storage counters
508: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
55C: File (RWD) C:\Program Files (x86)\Common Files\Intel Corporation\IAStorUtil
------------------------------------------------------------------------------
wmpnetwk.exe pid: 2792 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\Windows\System32
3C: File (R-D) C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui
19C: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
238: Section \BaseNamedObjects\__ComCatalogCache__
240: Section \BaseNamedObjects\__ComCatalogCache__
244: File (RWD) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files
24C: Section \BaseNamedObjects\windows_shell_global_counters
2E0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283f
d671e9bf4d
31C: File (R-D) C:\Windows\System32\en-US\wmploc.DLL.mui
340: Section \BaseNamedObjects\c:/users/nighted/appdata/local/microsoft/media player/wmp-wmc/sharedmemory
368: File (RW-) C:\Users\Nighted\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
378: Section \...\__?_c:_users_nighted_appdata_local_microsoft_media player_currentdatabase_372.wmdb:sqlce_se_ver
37C: Section \...\0:__?_c:_users_nighted_appdata_local_microsoft_media player_currentdatabase_372.wmdb:sqlce_se_mem
384: Section \...\0:__?_c:_users_nighted_appdata_local_microsoft_media player_currentdatabase_372.wmdb:sqlce_se_lks
4B4: File (RW-) C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
4F8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
534: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui
538: File (R-D) C:\Windows\System32\en-US\WinSATAPI.dll.mui
5F0: File (RWD) C:\Users\Nighted\Pictures
5F4: File (RWD) C:\Users\Nighted\Pictures
5FC: File (RWD) C:\Users\Nighted\Videos
604: File (RWD) C:\Users\Nighted\Videos
608: File (RWD) C:\Users\Public\Pictures
610: File (RWD) C:\Users\Public\Pictures
614: File (RWD) C:\Users\Public\Recorded TV
61C: File (RWD) C:\Users\Public\Recorded TV
620: File (RWD) C:\Users\Public\Videos
628: File (RWD) C:\Users\Public\Videos
62C: File (RWD) C:\Users\Nighted\Music
634: File (RWD) C:\Users\Nighted\Music
638: File (RWD) C:\Users\Public\Music
640: File (RWD) C:\Users\Public\Music
644: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
654: Section \BaseNamedObjects\windows_shell_global_counters
660: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui
6AC: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Windows\Libraries
704: File (RWD) C:\Users\Public\Libraries
------------------------------------------------------------------------------
svchost.exe pid: 2956 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
34: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
26C: Section \BaseNamedObjects\windows_shell_global_counters
2A4: Section \BaseNamedObjects\__ComCatalogCache__
2E4: File (R-D) C:\Windows\System32\en-US\upnphost.dll.mui
328: Section \BaseNamedObjects\__ComCatalogCache__
340: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
------------------------------------------------------------------------------
taskhost.exe pid: 1536 Enterprise\Nighted
C: File (RW-) C:\Windows\System32
30: File (R-D) C:\Windows\System32\en-US\taskhost.exe.mui
E4: File (---) C:\Users\Nighted\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
108: Section \BaseNamedObjects\__ComCatalogCache__
114: Section \BaseNamedObjects\__ComCatalogCache__
12C: File (R-D) C:\Windows\System32\en-US\MsCtfMonitor.dll.mui
154: Section \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1
15C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
1BC: Section \BaseNamedObjects\mmGlobalPnpInfo
26C: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
280: File (R-D) C:\Windows\System32\en-US\winmm.dll.mui
294: File (---) C:\Users\Nighted\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
2C0: Section \Sessions\1\BaseNamedObjects\windows_webcache_bloom_section_{93BFEDC7-5A8B-4A9E-84C9-96BC9DE75EA9}
2C8: File (---) C:\Users\Nighted\AppData\Local\Microsoft\Windows\WebCache\V01.log
2D4: File (---) C:\Users\Nighted\AppData\Local\Microsoft\Windows\WebCacheLock.dat
338: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
35C: File (R-D) C:\Windows\System32\en-US\wdmaud.drv.mui
36C: File (R-D) C:\Windows\System32\en-US\MMDevAPI.dll.mui
------------------------------------------------------------------------------
dwm.exe pid: 520 Enterprise\Nighted
C: File (RW-) C:\Windows\System32
24: File (R-D) C:\Windows\System32\en-US\dwm.exe.mui
114: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
15C: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
160: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
------------------------------------------------------------------------------
explorer.exe pid: 776 Enterprise\Nighted
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283f
d671e9bf4d
38: File (R-D) C:\Windows\en-US\explorer.exe.mui
A4: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
D0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
160: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
178: Section \BaseNamedObjects\__ComCatalogCache__
18C: Section \BaseNamedObjects\__ComCatalogCache__
190: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1BC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
218: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
228: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui
258: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
278: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
2B0: File (R-D) C:\Windows\Fonts\StaticCache.dat
2B8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
2BC: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\comctl32.dll.mui
2D0: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
2D4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
2E0: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{F852CC10-8B9E-4096-B460-51CD211ADECE}.2.ver0000000000000001.db
30C: Section \BaseNamedObjects\windows_shell_global_counters
340: Section \Sessions\1\BaseNamedObjects\windows_webcache_bloom_section_{93BFEDC7-5A8B-4A9E-84C9-96BC9DE75EA9}
344: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
348: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0000000000000088.db
34C: File (RWD) C:\Users\Public\Desktop
354: File (RWD) C:\Users\Public\Desktop
35C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
360: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0000000000000002.db
364: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
36C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{FAE702BA-57F6-46A4-8171-E225680D5A84}.2.ver0000000000000001.db
39C: File (R-D) C:\Windows\System32\en-US\wscui.cpl.mui
3A8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
3B0: File (R-D) C:\Windows\System32\en-US\explorerframe.dll.mui
3C4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
3DC: File (R-D) C:\Windows\System32\en-US\authui.dll.mui
3E0: File (R-D) C:\Windows\System32\en-US\ActionCenter.dll.mui
3E4: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
3E8: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
44C: File (R-D) C:\Windows\System32\en-US\imageres.dll.mui
46C: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
488: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
4C8: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui
504: File (RW-) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
508: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_Nighted
54C: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu
570: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
610: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Windows\Start Menu
640: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
674: File (R-D) C:\Windows\System32\en-US\oleaccrc.dll.mui
684: File (R-D) C:\Windows\System32\en-US\imageres.dll.mui
6C0: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
6CC: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Windows\Libraries
6D0: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Windows\Libraries
70C: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
714: Section \BaseNamedObjects\mmGlobalPnpInfo
728: File (R-D) C:\Windows\System32\en-US\wdmaud.drv.mui
734: File (R-D) C:\Windows\System32\en-US\MMDevAPI.dll.mui
758: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
794: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Windows\Start Menu
7E8: File (R-D) C:\Windows\System32\en-US\hcproviders.dll.mui
7F4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
804: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
80C: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
814: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
834: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu
840: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
850: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
868: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
86C: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
8B4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
954: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
968: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
970: File (RW-) C:\Users\Nighted\AppData\Local\Temp\FXSAPIDebugLogFile.txt
988: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
9A8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
9B0: File (R-D) C:\Windows\System32\en-US\stobject.dll.mui
9D8: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
9F8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
A0C: File (RWD) C:\Users\Nighted\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
A20: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
A50: File (R-D) C:\Windows\System32\en-US\sndvolsso.dll.mui
A94: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
AD0: File (R-D) C:\Windows\System32\en-US\AltTab.dll.mui
B50: File (R-D) C:\Windows\System32\en-US\pnidui.dll.mui
C1C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
C28: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
C40: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
C44: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
C50: File (R-D) C:\Windows\System32\en-US\bthprops.cpl.mui
C80: File (R-D) C:\Windows\System32\en-US\FXSRESM.dll.mui
CE8: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
CEC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
CF4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D68: File (R-D) C:\Windows\System32\en-US\mpr.dll.mui
DD0: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
DF0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
E24: File (RW-) C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc
251
E38: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
E84: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
E9C: File (R-D) C:\Windows\System32\en-US\imageres.dll.mui
F50: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
F8C: File (RWD) C:\Users\Nighted\Desktop
FB0: File (R-D) C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui
FC0: File (R-D) C:\Windows\System32\en-US\winmm.dll.mui
FD0: File (RWD) C:\Users\Nighted\Desktop
FDC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1030: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
1090: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
1098: File (R-D) C:\Windows\System32\en-US\timedate.cpl.mui
10B4: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
------------------------------------------------------------------------------
igfxpers.exe pid: 3040 Enterprise\Nighted
C: File (RW-) C:\Windows\System32
64: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
94: Section \Sessions\1\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_be0
A4: Section \BaseNamedObjects\__ComCatalogCache__
B0: Section \BaseNamedObjects\__ComCatalogCache__
18C: Section \Sessions\1\BaseNamedObjects\icc_lib_shm_name
1BC: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
hkcmd.exe pid: 1844 Enterprise\Nighted
C: File (RW-) C:\Windows\System32
78: Section \Sessions\1\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_734
88: Section \BaseNamedObjects\__ComCatalogCache__
94: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
ICCProxy.exe pid: 736 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
80: File (R-D) C:\Windows\SysWOW64\en-US\setupapi.dll.mui
16C: Section \BaseNamedObjects\__ComCatalogCache__
1A4: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
IAStorIcon.exe pid: 2584 Enterprise\Nighted
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
F8: Section \BaseNamedObjects\Cor_Private_IPCBlock_v4_2584
FC: Section \...\Cor_SxSPublic_IPCBlock
1E8: File (R--) C:\Windows\assembly\pubpol4.dat
1EC: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUtil.dll
2C0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
2C4: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvcInterfaces.dll
2CC: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorCommon.dll
340: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
358: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
35C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad
8665e853
364: File (R-D) C:\Program Files\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
380: File (R-D) C:\Windows\Fonts\StaticCache.dat
384: File (RWD) C:\Users\Nighted\AppData\Roaming\Intel Corporation\IAStorUtil
------------------------------------------------------------------------------
ColorConsole.exe pid: 4192 Enterprise\Nighted
10: File (RW-) C:\Windows
1C: File (RW-) C:\Users\Nighted\Desktop\ColorConsole
20: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
7C: File (R-D) C:\Windows\SysWOW64\en-US\odbcint.dll.mui
84: File (R-D) C:\Windows\SysWOW64\en-US\MFC42.dll.mui
A4: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
A8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
EC: File (R-D) C:\Windows\SysWOW64\en-US\setupapi.dll.mui
144: Section \BaseNamedObjects\__ComCatalogCache__
18C: Section \BaseNamedObjects\windows_shell_global_counters
198: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
19C: File (R-D) C:\Windows\Fonts\StaticCache.dat
264: Section \BaseNamedObjects\__ComCatalogCache__
26C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
27C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
280: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0000000000000088.db
284: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
288: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0000000000000002.db
2E4: File (R-D) C:\Windows\SysWOW64\en-US\propsys.dll.mui
2F0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
audiodg.exe pid: 3596 \<unable to open process>
8: File (RW-) C:\Windows
2C: File (R-D) C:\Windows\System32\en-US\audiodg.exe.mui
128: Section \BaseNamedObjects\__ComCatalogCache__
170: Section \BaseNamedObjects\__ComCatalogCache__
188: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
408: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
taskhost.exe pid: 4396 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
30: File (R-D) C:\Windows\System32\en-US\taskhost.exe.mui
F0: Section \BaseNamedObjects\__ComCatalogCache__
FC: Section \BaseNamedObjects\__ComCatalogCache__
13C: Section \BaseNamedObjects\windows_shell_global_counters
140: File (---) C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
154: File (R--) C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
170: Section \...\__?_c:_programdata_microsoft_rac_statedata_racdatabase.sdf:sqlce_se_ver
174: Section \...\0:__?_c:_programdata_microsoft_rac_statedata_racdatabase.sdf:sqlce_se_mem
17C: Section \...\0:__?_c:_programdata_microsoft_rac_statedata_racdatabase.sdf:sqlce_se_lks
184: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283f
d671e9bf4d
19C: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui
1CC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
220: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui
224: File (R-D) C:\Windows\System32\en-US\WinSATAPI.dll.mui
264: File (RW-) C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
274: Section \...\__?_c:_programdata_microsoft_rac_publisheddata_racwmidatabase.sdf:sqlce_se_ver
278: Section \...\0:__?_c:_programdata_microsoft_rac_publisheddata_racwmidatabase.sdf:sqlce_se_mem
280: Section \...\0:__?_c:_programdata_microsoft_rac_publisheddata_racwmidatabase.sdf:sqlce_se_lks
288: File (---) C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
290: File (RW-) C:\ProgramData\Microsoft\RAC\Temp\sql826B.tmp
2A0: Section \...\__?_c:_programdata_microsoft_rac_temp_sql826b.tmp:sqlce_se_ver
2A4: Section \...\0:__?_c:_programdata_microsoft_rac_temp_sql826b.tmp:sqlce_se_mem
2AC: Section \...\0:__?_c:_programdata_microsoft_rac_temp_sql826b.tmp:sqlce_se_lks
2B0: File (RW-) C:\ProgramData\Microsoft\RAC\Temp\sql827C.tmp
2C0: Section \...\__?_c:_programdata_microsoft_rac_temp_sql827c.tmp:sqlce_se_ver
2C4: Section \...\0:__?_c:_programdata_microsoft_rac_temp_sql827c.tmp:sqlce_se_mem
2CC: Section \...\0:__?_c:_programdata_microsoft_rac_temp_sql827c.tmp:sqlce_se_lks
------------------------------------------------------------------------------
Mp3tag.exe pid: 1448 Enterprise\Nighted
10: File (RW-) C:\Windows
20: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
24: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad
8665e853
11C: File (R-D) C:\Windows\Fonts\StaticCache.dat
120: File (---) C:\Portable Files\Mp3tag\Mp3tagError.log
124: File (---) C:\Users\Nighted\AppData\Local\Temp\Mp3tag v2.83g\_dfile_._s_
128: Section \Sessions\1\BaseNamedObjects\SSingleInstance_MMF_Mp3tag
130: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1C4: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
1C8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1D0: Section \BaseNamedObjects\__ComCatalogCache__
1E4: Section \BaseNamedObjects\__ComCatalogCache__
1F0: File (R-D) C:\Windows\SysWOW64\en-US\setupapi.dll.mui
260: File (R-D) C:\Windows\SysWOW64\en-US\shell32.dll.mui
264: File (R-D) C:\Windows\SysWOW64\en-US\imageres.dll.mui
294: Section \BaseNamedObjects\windows_shell_global_counters
328: File (R-D) C:\Windows\SysWOW64\en-US\comdlg32.dll.mui
32C: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
330: File (RW-) C:\Portable Files\Mp3tag
334: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
34C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
350: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
370: File (R-D) C:\Windows\SysWOW64\en-US\explorerframe.dll.mui
380: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
398: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
39C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{F852CC10-8B9E-4096-B460-51CD211ADECE}.2.ver0000000000000001.db
3A0: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
3A4: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
3A8: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0000000000000088.db
3AC: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
3B0: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0000000000000002.db
3B4: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{FAE702BA-57F6-46A4-8171-E225680D5A84}.2.ver0000000000000001.db
3B8: File (R-D) C:\Windows\SysWOW64\en-US\propsys.dll.mui
3BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
408: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
40C: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
490: File (R-D) C:\Windows\SysWOW64\en-US\mpr.dll.mui
4C4: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
538: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
544: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
550: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
55C: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
568: File (RWD) C:\Users\Nighted\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
5D8: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
5E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
614: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
------------------------------------------------------------------------------
dllhost.exe pid: 1380 Enterprise\Nighted
C: File (RW-) C:\Windows\System32
78: Section \BaseNamedObjects\__ComCatalogCache__
84: Section \BaseNamedObjects\__ComCatalogCache__
13C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df
------------------------------------------------------------------------------
cmd.exe pid: 4296 Enterprise\Nighted
10: File (RW-) C:\Windows
1C: File (RW-) C:\Users\Nighted\Desktop\ColorConsole
60: File (R-D) C:\Windows\SysWOW64\en-US\cmd.exe.mui
26C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
27C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
280: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0000000000000088.db
284: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
288: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0000000000000002.db
------------------------------------------------------------------------------
conhost.exe pid: 528 Enterprise\Nighted
C: File (RW-) C:\Windows\System32
24: File (R-D) C:\Windows\System32\en-US\conhost.exe.mui
90: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
------------------------------------------------------------------------------
handle.exe pid: 1900 Enterprise\Nighted
10: File (RW-) C:\Windows
1C: File (RW-) C:\Users\Nighted\Desktop\ColorConsole
2C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
26C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
27C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
280: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0000000000000088.db
284: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
288: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0000000000000002.db
------------------------------------------------------------------------------
handle64.exe pid: 2788 Enterprise\Nighted
18: File (RW-) C:\Users\Nighted\Desktop\ColorConsole
28: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df