Bugzilla – Attachment 135883 Details for
Bug 109241
python: Win32: urllib on https URLs fails due to loading wrong OpenSSL libraries
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Procmon results
ProcMon_for_bug109241_normal mode.txt (text/plain), 264.38 KB, created by
kiloran.public+bugzilla
on 2017-08-30 19:38:02 UTC
(
hide
)
Description:
Procmon results
Filename:
MIME Type:
Creator:
kiloran.public+bugzilla
Created:
2017-08-30 19:38:02 UTC
Size:
264.38 KB
patch
obsolete
>Process monitor results from first occurrence of _ssl.pyd to last occurrence of LIBEAY32.DLL >LibreOffice 5.3.4.2 on Windows 7 > > > > >15:53:49.6285059 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6285798 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6285930 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd BUFFER OVERFLOW CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A, AllocationSize: 49,152, EndOfFile: 49,152, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xb800000002f9bc, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6286069 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.6291172 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6291468 soffice.bin 7992 QueryBasicInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A Read Metadata LibreOffice >15:53:49.6291583 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.6294900 MsMpEng.exe 1180 CreateFile C:\Windows\System32\pku2u.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6295885 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6296332 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: LibreOffice >15:53:49.6296459 soffice.bin 7992 QueryStandardInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS AllocationSize: 49,152, EndOfFile: 49,152, NumberOfLinks: 1, DeletePending: False, Directory: False Read Metadata LibreOffice >15:53:49.6296681 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS SyncType: SyncTypeOther LibreOffice >15:53:49.6297244 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.6297535 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\pku2u.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6297806 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\pku2u.dll BUFFER OVERFLOW CreationTime: 20/11/2014 14:31:01, LastAccessTime: 20/11/2014 14:31:01, LastWriteTime: 11/11/2014 04:08:52, ChangeTime: 20/11/2014 15:35:03, FileAttributes: A, AllocationSize: 241,664, EndOfFile: 241,152, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x2000000067405, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6298019 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\pku2u.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6298192 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\pku2u.dll BUFFER OVERFLOW CreationTime: 20/11/2014 14:31:01, LastAccessTime: 20/11/2014 14:31:01, LastWriteTime: 11/11/2014 04:08:52, ChangeTime: 20/11/2014 15:35:03, FileAttributes: A, AllocationSize: 241,664, EndOfFile: 241,152, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x2000000067405, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6298434 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\pku2u.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6298840 MsMpEng.exe 1180 CloseFile C:\Windows\System32\pku2u.dll SUCCESS Antimalware Service Executable >15:53:49.6299214 wmpnetwk.exe 5060 Thread Create SUCCESS Thread ID: 3008 Windows Media Player Network Sharing Service >15:53:49.6300458 wmpnetwk.exe 5060 Thread Create SUCCESS Thread ID: 4108 Windows Media Player Network Sharing Service >15:53:49.6303028 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6303286 soffice.bin 7992 QueryBasicInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A Read Metadata LibreOffice >15:53:49.6303401 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.6305758 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6306172 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: LibreOffice >15:53:49.6307199 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS SyncType: SyncTypeOther LibreOffice >15:53:49.6311874 MsMpEng.exe 1180 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6313340 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6313562 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd BUFFER OVERFLOW CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A, AllocationSize: 49,152, EndOfFile: 49,152, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xb800000002f9bc, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6313709 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6313820 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd BUFFER OVERFLOW CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A, AllocationSize: 49,152, EndOfFile: 49,152, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xb800000002f9bc, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6313980 MsMpEng.exe 1180 FileSystemControl C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6314272 soffice.bin 7992 Load Image C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Image Base: 0x12cf0000, Image Size: 0xe000 LibreOffice >15:53:49.6314358 MsMpEng.exe 1180 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Antimalware Service Executable >15:53:49.6315314 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.6317215 MsMpEng.exe 1180 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6318636 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6318865 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd BUFFER OVERFLOW CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A, AllocationSize: 49,152, EndOfFile: 49,152, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xb800000002f9bc, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6319095 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6319309 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd BUFFER OVERFLOW CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A, AllocationSize: 49,152, EndOfFile: 49,152, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xb800000002f9bc, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6319555 MsMpEng.exe 1180 FileSystemControl C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6319863 MsMpEng.exe 1180 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Antimalware Service Executable >15:53:49.6321189 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6322006 MsMpEng.exe 1180 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6322433 MsMpEng.exe 1180 FileSystemControl C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6323131 MsMpEng.exe 1180 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Antimalware Service Executable >15:53:49.6325791 soffice.bin 7992 CreateFile C:\Windows\SysWOW64\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6331801 soffice.bin 7992 CreateFile C:\Windows\system\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6333488 soffice.bin 7992 CreateFile C:\Windows\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6338188 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6344527 soffice.bin 7992 CreateFile C:\ProgramData\Oracle\Java\javapath\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6349568 MsMpEng.exe 1180 CreateFile C:\Windows\System32\LIVESSP.DLL SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6350036 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\LIVESSP.DLL SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6350290 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\LIVESSP.DLL BUFFER OVERFLOW CreationTime: 28/03/2011 13:11:06, LastAccessTime: 28/05/2012 07:19:30, LastWriteTime: 28/03/2011 13:11:06, ChangeTime: 28/05/2012 07:19:30, FileAttributes: A, AllocationSize: 253,952, EndOfFile: 252,800, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x4000000011687, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6350541 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\LIVESSP.DLL SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6350734 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\LIVESSP.DLL BUFFER OVERFLOW CreationTime: 28/03/2011 13:11:06, LastAccessTime: 28/05/2012 07:19:30, LastWriteTime: 28/03/2011 13:11:06, ChangeTime: 28/05/2012 07:19:30, FileAttributes: A, AllocationSize: 253,952, EndOfFile: 252,800, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x4000000011687, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6350988 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\LIVESSP.DLL SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6351440 MsMpEng.exe 1180 CloseFile C:\Windows\System32\LIVESSP.DLL SUCCESS Antimalware Service Executable >15:53:49.6351538 soffice.bin 7992 CreateFile C:\Program Files (x86)\PC Connectivity Solution\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6361366 soffice.bin 7992 CreateFile C:\Perl64\site\bin\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6368127 soffice.bin 7992 CreateFile C:\Perl64\bin\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6375295 soffice.bin 7992 CreateFile C:\Program Files\Common Files\Microsoft Shared\Windows Live\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6381104 soffice.bin 7992 CreateFile C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6386982 soffice.bin 7992 CreateFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6388177 soffice.bin 7992 QueryBasicInformationFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A Read Metadata LibreOffice >15:53:49.6388304 soffice.bin 7992 CloseFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS LibreOffice >15:53:49.6391531 soffice.bin 7992 CreateFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6391995 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: LibreOffice >15:53:49.6393091 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS SyncType: SyncTypeOther LibreOffice >15:53:49.6400049 MsMpEng.exe 1180 CreateFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6400817 soffice.bin 7992 Load Image C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Image Base: 0x13010000, Image Size: 0x12b000 LibreOffice >15:53:49.6400887 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6401125 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll BUFFER OVERFLOW CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A, AllocationSize: 1,200,128, EndOfFile: 1,197,056, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5000000010e8d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6401367 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6401568 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll BUFFER OVERFLOW CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A, AllocationSize: 1,200,128, EndOfFile: 1,197,056, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5000000010e8d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6401835 MsMpEng.exe 1180 FileSystemControl C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6402188 MsMpEng.exe 1180 CloseFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Antimalware Service Executable >15:53:49.6404688 MsMpEng.exe 1180 CreateFile C:\Windows\System32\bcryptprimitives.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6405263 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\bcryptprimitives.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6405501 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\bcryptprimitives.dll BUFFER OVERFLOW CreationTime: 21/09/2016 19:41:22, LastAccessTime: 21/09/2016 19:41:22, LastWriteTime: 21/09/2016 19:41:22, ChangeTime: 01/08/2017 09:24:37, FileAttributes: A, AllocationSize: 299,008, EndOfFile: 297,984, NumberOfLinks: 13, DeletePending: False, Directory: False, IndexNumber: 0x800000004db02, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6405722 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\bcryptprimitives.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6405899 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\bcryptprimitives.dll BUFFER OVERFLOW CreationTime: 21/09/2016 19:41:22, LastAccessTime: 21/09/2016 19:41:22, LastWriteTime: 21/09/2016 19:41:22, ChangeTime: 01/08/2017 09:24:37, FileAttributes: A, AllocationSize: 299,008, EndOfFile: 297,984, NumberOfLinks: 13, DeletePending: False, Directory: False, IndexNumber: 0x800000004db02, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6406137 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\bcryptprimitives.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6406548 MsMpEng.exe 1180 CloseFile C:\Windows\System32\bcryptprimitives.dll SUCCESS Antimalware Service Executable >15:53:49.6407098 MsMpEng.exe 1180 CreateFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6407562 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6407779 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll BUFFER OVERFLOW CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A, AllocationSize: 1,200,128, EndOfFile: 1,197,056, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5000000010e8d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6408005 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6408173 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll BUFFER OVERFLOW CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A, AllocationSize: 1,200,128, EndOfFile: 1,197,056, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5000000010e8d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6408407 MsMpEng.exe 1180 FileSystemControl C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6408723 MsMpEng.exe 1180 CloseFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Antimalware Service Executable >15:53:49.6409885 MsMpEng.exe 1180 CreateFile C:\Windows\System32\bcryptprimitives.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6410283 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\bcryptprimitives.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6410493 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\bcryptprimitives.dll BUFFER OVERFLOW CreationTime: 21/09/2016 19:41:22, LastAccessTime: 21/09/2016 19:41:22, LastWriteTime: 21/09/2016 19:41:22, ChangeTime: 01/08/2017 09:24:37, FileAttributes: A, AllocationSize: 299,008, EndOfFile: 297,984, NumberOfLinks: 13, DeletePending: False, Directory: False, IndexNumber: 0x800000004db02, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6410587 soffice.bin 7992 CloseFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS LibreOffice >15:53:49.6410706 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\bcryptprimitives.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6410895 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\bcryptprimitives.dll BUFFER OVERFLOW CreationTime: 21/09/2016 19:41:22, LastAccessTime: 21/09/2016 19:41:22, LastWriteTime: 21/09/2016 19:41:22, ChangeTime: 01/08/2017 09:24:37, FileAttributes: A, AllocationSize: 299,008, EndOfFile: 297,984, NumberOfLinks: 13, DeletePending: False, Directory: False, IndexNumber: 0x800000004db02, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6411129 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\bcryptprimitives.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6411429 MsMpEng.exe 1180 CloseFile C:\Windows\System32\bcryptprimitives.dll SUCCESS Antimalware Service Executable >15:53:49.6414483 MsMpEng.exe 1180 CreateFile C:\Windows\System32\bcryptprimitives.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6415719 MsMpEng.exe 1180 CreateFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6416191 MsMpEng.exe 1180 FileSystemControl C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6416445 MsMpEng.exe 1180 CloseFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Antimalware Service Executable >15:53:49.6416568 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\bcryptprimitives.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6416872 MsMpEng.exe 1180 CloseFile C:\Windows\System32\bcryptprimitives.dll SUCCESS Antimalware Service Executable >15:53:49.6419495 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6422164 soffice.bin 7992 CreateFile C:\Windows\SysWOW64\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6427858 soffice.bin 7992 CreateFile C:\Windows\system\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6430690 soffice.bin 7992 CreateFile C:\Windows\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6437205 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6443469 soffice.bin 7992 CreateFile C:\ProgramData\Oracle\Java\javapath\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6450243 soffice.bin 7992 CreateFile C:\Program Files (x86)\PC Connectivity Solution\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6459389 soffice.bin 7992 CreateFile C:\Perl64\site\bin\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6467222 soffice.bin 7992 CreateFile C:\Perl64\bin\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6474595 soffice.bin 7992 CreateFile C:\Program Files\Common Files\Microsoft Shared\Windows Live\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6482107 soffice.bin 7992 CreateFile C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\SSLEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.6489673 soffice.bin 7992 CreateFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6491274 soffice.bin 7992 QueryBasicInformationFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A Read Metadata LibreOffice >15:53:49.6491479 soffice.bin 7992 CloseFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS LibreOffice >15:53:49.6495461 soffice.bin 7992 CreateFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6496073 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: LibreOffice >15:53:49.6497465 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS SyncType: SyncTypeOther LibreOffice >15:53:49.6502810 MsMpEng.exe 1180 CreateFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6503668 soffice.bin 7992 Load Image C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Image Base: 0x12d00000, Image Size: 0x4f000 LibreOffice >15:53:49.6503684 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6503926 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll BUFFER OVERFLOW CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A, AllocationSize: 303,104, EndOfFile: 303,104, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5000000010e96, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6504168 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6504353 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll BUFFER OVERFLOW CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A, AllocationSize: 303,104, EndOfFile: 303,104, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5000000010e96, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6504604 MsMpEng.exe 1180 FileSystemControl C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6504973 MsMpEng.exe 1180 CloseFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Antimalware Service Executable >15:53:49.6506890 soffice.bin 7992 CloseFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS LibreOffice >15:53:49.6509439 MsMpEng.exe 1180 CreateFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6509846 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6510039 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll BUFFER OVERFLOW CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A, AllocationSize: 303,104, EndOfFile: 303,104, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5000000010e96, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6510236 MsMpEng.exe 1180 QueryInformationVolume C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6510400 MsMpEng.exe 1180 QueryAllInformationFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll BUFFER OVERFLOW CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A, AllocationSize: 303,104, EndOfFile: 303,104, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5000000010e96, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6510609 MsMpEng.exe 1180 FileSystemControl C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6510893 MsMpEng.exe 1180 CloseFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Antimalware Service Executable >15:53:49.6515490 MsMpEng.exe 1180 CreateFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6515942 MsMpEng.exe 1180 FileSystemControl C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6516205 MsMpEng.exe 1180 CloseFile C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll SUCCESS Antimalware Service Executable >15:53:49.6517761 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6517941 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.6518134 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\posixpath NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6518512 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6518614 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.6518766 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\posixpath NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6521439 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6523077 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6523220 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6523376 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.6526312 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6526636 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6526763 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 16,384, EndOfFile: 14,254, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x2b000000030c96, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6526895 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS LibreOffice >15:53:49.6529875 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6530158 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6530277 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 16,384, EndOfFile: 14,254, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x2b000000030c96, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6530409 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS LibreOffice >15:53:49.6533401 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\posixpath.cpython-33.pyc NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.6535634 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6536024 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6536144 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 16,384, EndOfFile: 14,254, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x2b000000030c96, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6536410 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6536513 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 16,384, EndOfFile: 14,254, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x2b000000030c96, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6536694 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS Offset: 0, Length: 14,254, Priority: Normal Read LibreOffice >15:53:49.6537026 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py END OF FILE Offset: 14,254, Length: 1 Read LibreOffice >15:53:49.6537186 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS LibreOffice >15:53:49.6565713 iCloudServices.exe 5152 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read iCloud Services >15:53:49.6565972 iCloudServices.exe 5152 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read iCloud Services >15:53:49.6566255 iCloudServices.exe 5152 RegCreateKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\SOFTWARE\Apple Inc.\Internet Services SUCCESS Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY Read iCloud Services >15:53:49.6567421 iCloudServices.exe 5152 RegSetInfoKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Apple Inc.\Internet Services SUCCESS KeySetInformationClass: KeySetHandleTagsInformation, Length: 0 Write Metadata iCloud Services >15:53:49.6567634 iCloudServices.exe 5152 RegQueryValue HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Apple Inc.\Internet Services\SignedIn SUCCESS Type: REG_SZ, Length: 36, Data: ilonguk@gmail.com Read iCloud Services >15:53:49.6567897 iCloudServices.exe 5152 RegCloseKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Apple Inc.\Internet Services SUCCESS iCloud Services >15:53:49.6570319 iCloudServices.exe 5152 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read iCloud Services >15:53:49.6570479 iCloudServices.exe 5152 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read iCloud Services >15:53:49.6570647 iCloudServices.exe 5152 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Microsoft\Windows\CurrentVersion\Run SUCCESS Desired Access: Read Read iCloud Services >15:53:49.6570820 iCloudServices.exe 5152 RegSetInfoKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Microsoft\Windows\CurrentVersion\Run SUCCESS KeySetInformationClass: KeySetHandleTagsInformation, Length: 0 Write Metadata iCloud Services >15:53:49.6570927 iCloudServices.exe 5152 RegQueryValue HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Microsoft\Windows\CurrentVersion\Run\iCloudPhotos NAME NOT FOUND Length: 144 Read iCloud Services >15:53:49.6571103 iCloudServices.exe 5152 RegCloseKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Microsoft\Windows\CurrentVersion\Run SUCCESS iCloud Services >15:53:49.6573131 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6573147 iCloudServices.exe 5152 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read iCloud Services >15:53:49.6573324 iCloudServices.exe 5152 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read iCloud Services >15:53:49.6573562 iCloudServices.exe 5152 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Microsoft\Windows\CurrentVersion\Run SUCCESS Desired Access: Read Read iCloud Services >15:53:49.6573665 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6573812 iCloudServices.exe 5152 RegSetInfoKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Microsoft\Windows\CurrentVersion\Run SUCCESS KeySetInformationClass: KeySetHandleTagsInformation, Length: 0 Write Metadata iCloud Services >15:53:49.6573907 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 16,384, EndOfFile: 14,254, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x2b000000030c96, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6573981 iCloudServices.exe 5152 RegQueryValue HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Microsoft\Windows\CurrentVersion\Run\iCloudDrive BUFFER OVERFLOW Length: 144 Read iCloud Services >15:53:49.6574149 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\posixpath.py SUCCESS LibreOffice >15:53:49.6574182 iCloudServices.exe 5152 RegQueryValue HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Microsoft\Windows\CurrentVersion\Run\iCloudDrive SUCCESS Type: REG_SZ, Length: 152, Data: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe Read iCloud Services >15:53:49.6574424 iCloudServices.exe 5152 RegCloseKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Microsoft\Windows\CurrentVersion\Run SUCCESS iCloud Services >15:53:49.6580056 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6581797 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6581920 MsMpEng.exe 1180 CreateFile C:\Windows\System32\efslsaext.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6582039 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ BUFFER OVERFLOW CreationTime: 16/08/2017 16:36:08, LastAccessTime: 16/08/2017 16:36:09, LastWriteTime: 16/08/2017 16:36:09, ChangeTime: 16/08/2017 16:36:09, FileAttributes: D, AllocationSize: 8,192, EndOfFile: 8,192, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x1100000007e4a4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6582290 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS LibreOffice >15:53:49.6582392 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\efslsaext.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6582614 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\efslsaext.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:50:19, LastAccessTime: 14/07/2009 00:50:19, LastWriteTime: 14/07/2009 02:40:35, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 57,344, EndOfFile: 56,832, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b65, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6582844 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\efslsaext.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6583024 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\efslsaext.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:50:19, LastAccessTime: 14/07/2009 00:50:19, LastWriteTime: 14/07/2009 02:40:35, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 57,344, EndOfFile: 56,832, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b65, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6583300 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\efslsaext.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6583714 MsMpEng.exe 1180 CloseFile C:\Windows\System32\efslsaext.dll SUCCESS Antimalware Service Executable >15:53:49.6587811 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\posixpath.cpython-33.pyc.347659424 ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.6590401 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6590570 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.6590750 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\tempfile NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6591136 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6591239 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.6591391 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\tempfile NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6594823 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6596190 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6596342 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6596498 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.6600968 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6601744 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6601888 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 23,013, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x46000000030db2, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6602031 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS LibreOffice >15:53:49.6606481 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6606797 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6606933 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 23,013, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x46000000030db2, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6607167 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS LibreOffice >15:53:49.6610114 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\tempfile.cpython-33.pyc NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.6613136 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6613715 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6613928 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 23,013, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x46000000030db2, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6614355 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6614544 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 23,013, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x46000000030db2, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6614852 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS Offset: 0, Length: 23,013, Priority: Normal Read LibreOffice >15:53:49.6615336 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py END OF FILE Offset: 23,013, Length: 1 Read LibreOffice >15:53:49.6615624 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS LibreOffice >15:53:49.6626552 MsMpEng.exe 1180 CreateFile C:\Windows\System32\scecli.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6627836 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\scecli.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6628005 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\scecli.dll BUFFER OVERFLOW CreationTime: 21/11/2010 04:24:32, LastAccessTime: 21/11/2010 04:24:32, LastWriteTime: 21/11/2010 04:24:32, ChangeTime: 28/05/2012 21:48:22, FileAttributes: A, AllocationSize: 233,472, EndOfFile: 232,960, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x100000000610e, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6628169 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\scecli.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6628280 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\scecli.dll BUFFER OVERFLOW CreationTime: 21/11/2010 04:24:32, LastAccessTime: 21/11/2010 04:24:32, LastWriteTime: 21/11/2010 04:24:32, ChangeTime: 28/05/2012 21:48:22, FileAttributes: A, AllocationSize: 233,472, EndOfFile: 232,960, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x100000000610e, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6628440 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\scecli.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6628735 MsMpEng.exe 1180 CloseFile C:\Windows\System32\scecli.dll SUCCESS Antimalware Service Executable >15:53:49.6672065 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6672583 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6672829 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 23,013, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x46000000030db2, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6673100 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tempfile.py SUCCESS LibreOffice >15:53:49.6676376 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6677956 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6678088 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ BUFFER OVERFLOW CreationTime: 16/08/2017 16:36:08, LastAccessTime: 16/08/2017 16:36:09, LastWriteTime: 16/08/2017 16:36:09, ChangeTime: 16/08/2017 16:36:09, FileAttributes: D, AllocationSize: 8,192, EndOfFile: 8,192, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x1100000007e4a4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6678227 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS LibreOffice >15:53:49.6681910 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\tempfile.cpython-33.pyc.347659680 ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.6684447 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6684615 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.6684800 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\shutil NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6685186 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6685284 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.6685440 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\shutil NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6687903 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6689504 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6689644 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6689792 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.6692657 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6693437 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6693568 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 40,960, EndOfFile: 39,147, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x11000000030d33, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6693704 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS LibreOffice >15:53:49.6696618 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6696898 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6697021 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 40,960, EndOfFile: 39,147, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x11000000030d33, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6697152 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS LibreOffice >15:53:49.6700239 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\shutil.cpython-33.pyc NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.6702821 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6703355 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6703544 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 40,960, EndOfFile: 39,147, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x11000000030d33, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6703934 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6704106 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 40,960, EndOfFile: 39,147, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x11000000030d33, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6704377 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS Offset: 0, Length: 39,147, Priority: Normal Read LibreOffice >15:53:49.6704890 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py END OF FILE Offset: 39,147, Length: 1 Read LibreOffice >15:53:49.6705169 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS LibreOffice >15:53:49.6706257 MsMpEng.exe 1180 CreateFile C:\Windows\System32\keyiso.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6708138 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\keyiso.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6708359 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\keyiso.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:49:16, LastAccessTime: 14/07/2009 00:49:16, LastWriteTime: 14/07/2009 02:41:13, ChangeTime: 28/05/2012 21:47:42, FileAttributes: A, AllocationSize: 32,768, EndOfFile: 29,184, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005d7d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6708585 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\keyiso.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6708766 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\keyiso.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:49:16, LastAccessTime: 14/07/2009 00:49:16, LastWriteTime: 14/07/2009 02:41:13, ChangeTime: 28/05/2012 21:47:42, FileAttributes: A, AllocationSize: 32,768, EndOfFile: 29,184, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005d7d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6709004 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\keyiso.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6709381 MsMpEng.exe 1180 CloseFile C:\Windows\System32\keyiso.dll SUCCESS Antimalware Service Executable >15:53:49.6723331 MsMpEng.exe 1180 CreateFile C:\Windows\System32\efssvc.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6725942 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\efssvc.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6726196 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\efssvc.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:50:19, LastAccessTime: 14/07/2009 00:50:19, LastWriteTime: 14/07/2009 02:40:36, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 40,960, EndOfFile: 37,376, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b66, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6726438 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\efssvc.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6726631 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\efssvc.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:50:19, LastAccessTime: 14/07/2009 00:50:19, LastWriteTime: 14/07/2009 02:40:36, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 40,960, EndOfFile: 37,376, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b66, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6726873 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\efssvc.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6727263 MsMpEng.exe 1180 CloseFile C:\Windows\System32\efssvc.dll SUCCESS Antimalware Service Executable >15:53:49.6750897 MsMpEng.exe 1180 CreateFile C:\Windows\System32\efscore.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6752674 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\efscore.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6752917 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\efscore.dll BUFFER OVERFLOW CreationTime: 21/11/2010 04:24:16, LastAccessTime: 21/11/2010 04:24:16, LastWriteTime: 21/11/2010 04:24:16, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 307,200, EndOfFile: 304,128, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b63, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6753147 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\efscore.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6753327 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\efscore.dll BUFFER OVERFLOW CreationTime: 21/11/2010 04:24:16, LastAccessTime: 21/11/2010 04:24:16, LastWriteTime: 21/11/2010 04:24:16, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 307,200, EndOfFile: 304,128, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b63, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6753582 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\efscore.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6754025 MsMpEng.exe 1180 CloseFile C:\Windows\System32\efscore.dll SUCCESS Antimalware Service Executable >15:53:49.6766135 cmdagent.exe 1108 FileSystemControl C: SUCCESS Control: FSCTL_READ_USN_JOURNAL Read Metadata COMODO Internet Security >15:53:49.6766423 cmdagent.exe 1108 FileSystemControl C: SUCCESS Control: FSCTL_READ_USN_JOURNAL Read Metadata COMODO Internet Security >15:53:49.6766952 cmdagent.exe 1108 FileSystemControl C: SUCCESS Control: FSCTL_READ_USN_JOURNAL Read Metadata COMODO Internet Security >15:53:49.6783804 MsMpEng.exe 1180 CreateFile C:\Windows\System32\efsutil.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6785635 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\efsutil.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6785980 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\efsutil.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:50:22, LastAccessTime: 14/07/2009 00:50:22, LastWriteTime: 14/07/2009 02:40:36, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 36,864, EndOfFile: 34,816, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b69, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6786222 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\efsutil.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6786427 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\efsutil.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:50:22, LastAccessTime: 14/07/2009 00:50:22, LastWriteTime: 14/07/2009 02:40:36, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 36,864, EndOfFile: 34,816, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b69, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6786677 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\efsutil.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6787072 MsMpEng.exe 1180 CloseFile C:\Windows\System32\efsutil.dll SUCCESS Antimalware Service Executable >15:53:49.6795635 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6796041 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6796206 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 40,960, EndOfFile: 39,147, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x11000000030d33, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6796374 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\shutil.py SUCCESS LibreOffice >15:53:49.6799100 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6800647 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6800775 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ BUFFER OVERFLOW CreationTime: 16/08/2017 16:36:08, LastAccessTime: 16/08/2017 16:36:09, LastWriteTime: 16/08/2017 16:36:09, ChangeTime: 16/08/2017 16:36:09, FileAttributes: D, AllocationSize: 8,192, EndOfFile: 8,192, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x1100000007e4a4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6800914 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS LibreOffice >15:53:49.6804753 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\shutil.cpython-33.pyc.347660064 ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.6806801 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6806969 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.6807154 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\fnmatch NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6807544 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6807643 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.6807790 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\fnmatch NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6810184 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6811957 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6812105 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6812257 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.6815167 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6815992 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6816128 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:31, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:31, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,163, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5400000003079f, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6816267 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS LibreOffice >15:53:49.6819264 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6819552 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6819675 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:31, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:31, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,163, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5400000003079f, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6819810 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS LibreOffice >15:53:49.6822852 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\fnmatch.cpython-33.pyc NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.6825131 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6825525 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6825652 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:31, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:31, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,163, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5400000003079f, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6825947 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6826071 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:31, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:31, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,163, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5400000003079f, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6826218 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS Offset: 0, Length: 3,163, Priority: Normal Read LibreOffice >15:53:49.6826551 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py END OF FILE Offset: 3,163, Length: 8,192 Read LibreOffice >15:53:49.6826723 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS LibreOffice >15:53:49.6837729 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6838222 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6838464 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:31, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:31, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,163, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5400000003079f, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6838628 MsMpEng.exe 1180 CreateFile C:\Windows\System32\gpapi.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6838735 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\fnmatch.py SUCCESS LibreOffice >15:53:49.6840640 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\gpapi.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6840890 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\gpapi.dll BUFFER OVERFLOW CreationTime: 21/09/2016 20:13:02, LastAccessTime: 21/09/2016 20:13:02, LastWriteTime: 21/09/2016 20:13:02, ChangeTime: 21/09/2016 20:41:14, FileAttributes: A, AllocationSize: 98,304, EndOfFile: 96,256, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x100000000557a5, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6841116 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\gpapi.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6841301 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\gpapi.dll BUFFER OVERFLOW CreationTime: 21/09/2016 20:13:02, LastAccessTime: 21/09/2016 20:13:02, LastWriteTime: 21/09/2016 20:13:02, ChangeTime: 21/09/2016 20:41:14, FileAttributes: A, AllocationSize: 98,304, EndOfFile: 96,256, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x100000000557a5, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6841559 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\gpapi.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6841921 MsMpEng.exe 1180 CloseFile C:\Windows\System32\gpapi.dll SUCCESS Antimalware Service Executable >15:53:49.6842068 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6844203 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6844421 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ BUFFER OVERFLOW CreationTime: 16/08/2017 16:36:08, LastAccessTime: 16/08/2017 16:36:09, LastWriteTime: 16/08/2017 16:36:09, ChangeTime: 16/08/2017 16:36:09, FileAttributes: D, AllocationSize: 8,192, EndOfFile: 8,192, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x1100000007e4a4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6844589 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS LibreOffice >15:53:49.6845665 MsMpEng.exe 1180 CreateFile C:\Windows\System32\gpapi.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6847516 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\gpapi.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6847746 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\gpapi.dll BUFFER OVERFLOW CreationTime: 21/09/2016 20:13:02, LastAccessTime: 21/09/2016 20:13:02, LastWriteTime: 21/09/2016 20:13:02, ChangeTime: 21/09/2016 20:41:14, FileAttributes: A, AllocationSize: 98,304, EndOfFile: 96,256, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x100000000557a5, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6847959 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\gpapi.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6848140 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\gpapi.dll BUFFER OVERFLOW CreationTime: 21/09/2016 20:13:02, LastAccessTime: 21/09/2016 20:13:02, LastWriteTime: 21/09/2016 20:13:02, ChangeTime: 21/09/2016 20:41:14, FileAttributes: A, AllocationSize: 98,304, EndOfFile: 96,256, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x100000000557a5, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6848341 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\gpapi.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6848427 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\fnmatch.cpython-33.pyc.347222048 ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.6848653 MsMpEng.exe 1180 CloseFile C:\Windows\System32\gpapi.dll SUCCESS Antimalware Service Executable >15:53:49.6850870 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6851034 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.6851055 MsMpEng.exe 1180 CreateFile C:\Windows\System32\gpapi.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6851227 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\tarfile NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6851617 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.6851711 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.6851863 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\tarfile NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.6853091 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\gpapi.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6853271 MsMpEng.exe 1180 CloseFile C:\Windows\System32\gpapi.dll SUCCESS Antimalware Service Executable >15:53:49.6854343 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6856022 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6856166 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6856309 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.6859232 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6859987 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6860123 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 90,112, EndOfFile: 88,852, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x12000000030daa, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6860258 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS LibreOffice >15:53:49.6863268 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6863575 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6863703 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 90,112, EndOfFile: 88,852, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x12000000030daa, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6863842 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS LibreOffice >15:53:49.6866888 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\tarfile.cpython-33.pyc NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.6869175 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.6869581 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6869704 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 90,112, EndOfFile: 88,852, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x12000000030daa, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6870008 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.6870193 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 90,112, EndOfFile: 88,852, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x12000000030daa, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.6870431 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS Offset: 0, Length: 88,852, Priority: Normal Read LibreOffice >15:53:49.6870969 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py END OF FILE Offset: 88,852, Length: 1 Read LibreOffice >15:53:49.6871141 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS LibreOffice >15:53:49.6876063 MsMpEng.exe 1180 CreateFile C:\Windows\System32\dssenh.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6877804 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\dssenh.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6878038 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\dssenh.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:53:23, LastAccessTime: 14/07/2009 00:53:23, LastWriteTime: 14/07/2009 02:43:36, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 192,512, EndOfFile: 190,880, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b38, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6878272 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\dssenh.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6878481 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\dssenh.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:53:23, LastAccessTime: 14/07/2009 00:53:23, LastWriteTime: 14/07/2009 02:43:36, ChangeTime: 28/05/2012 21:47:27, FileAttributes: A, AllocationSize: 192,512, EndOfFile: 190,880, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005b38, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6878748 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\dssenh.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6879113 MsMpEng.exe 1180 CloseFile C:\Windows\System32\dssenh.dll SUCCESS Antimalware Service Executable >15:53:49.6894307 MsMpEng.exe 1180 CreateFile C:\Windows\System32\pstorsvc.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6896211 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\pstorsvc.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6896450 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\pstorsvc.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:49:17, LastAccessTime: 14/07/2009 00:49:17, LastWriteTime: 14/07/2009 02:41:53, ChangeTime: 28/05/2012 21:48:20, FileAttributes: A, AllocationSize: 36,864, EndOfFile: 36,352, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000006064, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6896675 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\pstorsvc.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6896872 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\pstorsvc.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:49:17, LastAccessTime: 14/07/2009 00:49:17, LastWriteTime: 14/07/2009 02:41:53, ChangeTime: 28/05/2012 21:48:20, FileAttributes: A, AllocationSize: 36,864, EndOfFile: 36,352, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000006064, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6897123 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\pstorsvc.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6897459 MsMpEng.exe 1180 CloseFile C:\Windows\System32\pstorsvc.dll SUCCESS Antimalware Service Executable >15:53:49.6911327 MsMpEng.exe 1180 CreateFile C:\Windows\System32\psbase.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6913404 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\psbase.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6913667 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\psbase.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:49:19, LastAccessTime: 14/07/2009 00:49:19, LastWriteTime: 14/07/2009 02:41:53, ChangeTime: 28/05/2012 21:48:19, FileAttributes: A, AllocationSize: 53,248, EndOfFile: 52,224, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000006059, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6913892 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\psbase.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6914098 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\psbase.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:49:19, LastAccessTime: 14/07/2009 00:49:19, LastWriteTime: 14/07/2009 02:41:53, ChangeTime: 28/05/2012 21:48:19, FileAttributes: A, AllocationSize: 53,248, EndOfFile: 52,224, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000006059, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6914352 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\psbase.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6914689 MsMpEng.exe 1180 CloseFile C:\Windows\System32\psbase.dll SUCCESS Antimalware Service Executable >15:53:49.6980827 MsMpEng.exe 1180 CreateFile C:\Windows\System32\cryptnet.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6982428 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\cryptnet.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6982592 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\cryptnet.dll BUFFER OVERFLOW CreationTime: 13/05/2017 09:49:27, LastAccessTime: 13/05/2017 09:49:27, LastWriteTime: 12/04/2017 16:32:10, ChangeTime: 13/05/2017 10:07:20, FileAttributes: A, AllocationSize: 143,360, EndOfFile: 141,824, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000076927, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6982752 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\cryptnet.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6982876 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\cryptnet.dll BUFFER OVERFLOW CreationTime: 13/05/2017 09:49:27, LastAccessTime: 13/05/2017 09:49:27, LastWriteTime: 12/04/2017 16:32:10, ChangeTime: 13/05/2017 10:07:20, FileAttributes: A, AllocationSize: 143,360, EndOfFile: 141,824, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000076927, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6983032 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\cryptnet.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6983294 MsMpEng.exe 1180 CloseFile C:\Windows\System32\cryptnet.dll SUCCESS Antimalware Service Executable >15:53:49.6984735 MsMpEng.exe 1180 CreateFile C:\Windows\System32\cryptnet.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6986242 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\cryptnet.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6986381 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\cryptnet.dll BUFFER OVERFLOW CreationTime: 13/05/2017 09:49:27, LastAccessTime: 13/05/2017 09:49:27, LastWriteTime: 12/04/2017 16:32:10, ChangeTime: 13/05/2017 10:07:20, FileAttributes: A, AllocationSize: 143,360, EndOfFile: 141,824, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000076927, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6986513 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\cryptnet.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.6986624 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\cryptnet.dll BUFFER OVERFLOW CreationTime: 13/05/2017 09:49:27, LastAccessTime: 13/05/2017 09:49:27, LastWriteTime: 12/04/2017 16:32:10, ChangeTime: 13/05/2017 10:07:20, FileAttributes: A, AllocationSize: 143,360, EndOfFile: 141,824, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000076927, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.6986767 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\cryptnet.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6986944 MsMpEng.exe 1180 CloseFile C:\Windows\System32\cryptnet.dll SUCCESS Antimalware Service Executable >15:53:49.6988434 MsMpEng.exe 1180 CreateFile C:\Windows\System32\cryptnet.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.6990265 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\cryptnet.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.6990421 MsMpEng.exe 1180 CloseFile C:\Windows\System32\cryptnet.dll SUCCESS Antimalware Service Executable >15:53:49.7028476 MsMpEng.exe 1180 CreateFile C:\Windows\System32\SensApi.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.7029683 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\SensApi.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7029826 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\SensApi.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:34:32, LastAccessTime: 14/07/2009 00:34:32, LastWriteTime: 14/07/2009 02:41:53, ChangeTime: 28/05/2012 21:48:24, FileAttributes: A, AllocationSize: 16,384, EndOfFile: 15,872, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000006141, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7029962 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\SensApi.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7030068 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\SensApi.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:34:32, LastAccessTime: 14/07/2009 00:34:32, LastWriteTime: 14/07/2009 02:41:53, ChangeTime: 28/05/2012 21:48:24, FileAttributes: A, AllocationSize: 16,384, EndOfFile: 15,872, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000006141, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7030216 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\SensApi.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.7030471 MsMpEng.exe 1180 CloseFile C:\Windows\System32\SensApi.dll SUCCESS Antimalware Service Executable >15:53:49.7050479 MsMpEng.exe 1180 CreateFile C:\Windows\System32\CertPolEng.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.7050808 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\CertPolEng.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7050951 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\CertPolEng.dll BUFFER OVERFLOW CreationTime: 21/11/2010 04:24:01, LastAccessTime: 21/11/2010 04:24:01, LastWriteTime: 21/11/2010 04:24:01, ChangeTime: 28/05/2012 21:47:25, FileAttributes: A, AllocationSize: 73,728, EndOfFile: 71,680, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x10000000058d4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7051087 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\CertPolEng.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7051194 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\CertPolEng.dll BUFFER OVERFLOW CreationTime: 21/11/2010 04:24:01, LastAccessTime: 21/11/2010 04:24:01, LastWriteTime: 21/11/2010 04:24:01, ChangeTime: 28/05/2012 21:47:25, FileAttributes: A, AllocationSize: 73,728, EndOfFile: 71,680, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x10000000058d4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7051341 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\CertPolEng.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.7051600 MsMpEng.exe 1180 CloseFile C:\Windows\System32\CertPolEng.dll SUCCESS Antimalware Service Executable >15:53:49.7085156 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7085648 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7085907 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 90,112, EndOfFile: 88,852, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x12000000030daa, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7086157 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\tarfile.py SUCCESS LibreOffice >15:53:49.7086490 MsMpEng.exe 1180 CreateFile C:\Windows\System32\lsm.exe SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.7088001 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\lsm.exe SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7088136 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\lsm.exe BUFFER OVERFLOW CreationTime: 21/11/2010 04:23:53, LastAccessTime: 21/11/2010 04:23:53, LastWriteTime: 21/11/2010 04:23:53, ChangeTime: 28/05/2012 21:47:44, FileAttributes: A, AllocationSize: 344,064, EndOfFile: 343,040, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005dc9, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7088267 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\lsm.exe SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7088374 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\lsm.exe BUFFER OVERFLOW CreationTime: 21/11/2010 04:23:53, LastAccessTime: 21/11/2010 04:23:53, LastWriteTime: 21/11/2010 04:23:53, ChangeTime: 28/05/2012 21:47:44, FileAttributes: A, AllocationSize: 344,064, EndOfFile: 343,040, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005dc9, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7088526 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\lsm.exe SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.7088846 MsMpEng.exe 1180 CloseFile C:\Windows\System32\lsm.exe SUCCESS Antimalware Service Executable >15:53:49.7089585 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7091432 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7091666 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ BUFFER OVERFLOW CreationTime: 16/08/2017 16:36:08, LastAccessTime: 16/08/2017 16:36:09, LastWriteTime: 16/08/2017 16:36:09, ChangeTime: 16/08/2017 16:36:09, FileAttributes: D, AllocationSize: 8,192, EndOfFile: 8,192, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x1100000007e4a4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7091892 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS LibreOffice >15:53:49.7096412 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\tarfile.cpython-33.pyc.347222304 ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.7098670 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7098834 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7099031 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\copy NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7099417 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7099516 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7099667 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\copy NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7102102 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7103740 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7103883 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7104027 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7106991 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7107919 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7108058 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 8,991, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x10e00000002fc93, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7108194 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS LibreOffice >15:53:49.7111306 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7111605 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7111737 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 8,991, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x10e00000002fc93, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7111868 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS LibreOffice >15:53:49.7114889 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\copy.cpython-33.pyc NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.7117238 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7117640 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7117788 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 8,991, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x10e00000002fc93, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7118067 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7118173 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 8,991, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x10e00000002fc93, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7118383 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS Offset: 0, Length: 8,991, Priority: Normal Read LibreOffice >15:53:49.7118691 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py END OF FILE Offset: 8,991, Length: 1 Read LibreOffice >15:53:49.7118855 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS LibreOffice >15:53:49.7153014 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7153363 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7153515 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 8,991, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x10e00000002fc93, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7153671 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\copy.py SUCCESS LibreOffice >15:53:49.7156393 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7157936 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7158063 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ BUFFER OVERFLOW CreationTime: 16/08/2017 16:36:08, LastAccessTime: 16/08/2017 16:36:09, LastWriteTime: 16/08/2017 16:36:09, ChangeTime: 16/08/2017 16:36:09, FileAttributes: D, AllocationSize: 8,192, EndOfFile: 8,192, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x1100000007e4a4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7158199 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS LibreOffice >15:53:49.7161631 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\copy.cpython-33.pyc.347223328 ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.7164057 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7164225 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7164410 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\org NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7164812 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7164919 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7165079 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\org NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7167522 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7169123 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7169262 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7169402 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7172366 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7173917 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7174041 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:32, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 19/07/2017 15:45:32, ChangeTime: 19/07/2017 15:45:32, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x10000000030d39, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7174197 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS LibreOffice >15:53:49.7177973 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7178273 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7178400 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program BUFFER OVERFLOW CreationTime: 19/07/2017 15:44:49, LastAccessTime: 19/07/2017 15:47:48, LastWriteTime: 19/07/2017 15:47:48, ChangeTime: 19/07/2017 15:47:48, FileAttributes: D, AllocationSize: 81,920, EndOfFile: 81,920, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x7800000001b800, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7178540 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS LibreOffice >15:53:49.7179862 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7181241 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7181364 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 19/07/2017 15:45:28, ChangeTime: 19/07/2017 15:45:28, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x6600000002f75d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7181500 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS LibreOffice >15:53:49.7185305 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7186890 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7187013 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:43, LastAccessTime: 19/07/2017 15:45:43, LastWriteTime: 19/07/2017 15:45:43, ChangeTime: 19/07/2017 15:45:43, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x5000000003165b, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7187144 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS LibreOffice >15:53:49.7194357 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7194530 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7194714 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\grp NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7195096 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7195195 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7195346 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\grp NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7197888 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7199489 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7199632 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7199776 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7203040 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7204731 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7204862 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:32, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 19/07/2017 15:45:32, ChangeTime: 19/07/2017 15:45:32, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x10000000030d39, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7205018 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS LibreOffice >15:53:49.7209283 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7209747 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7209961 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program BUFFER OVERFLOW CreationTime: 19/07/2017 15:44:49, LastAccessTime: 19/07/2017 15:47:48, LastWriteTime: 19/07/2017 15:47:48, ChangeTime: 19/07/2017 15:47:48, FileAttributes: D, AllocationSize: 81,920, EndOfFile: 81,920, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x7800000001b800, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7210187 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS LibreOffice >15:53:49.7211320 MsMpEng.exe 1180 CreateFile C:\Windows\System32\sysntfy.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.7212264 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7212609 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\sysntfy.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7212756 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\sysntfy.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:52:25, LastAccessTime: 14/07/2009 00:52:25, LastWriteTime: 14/07/2009 02:41:54, ChangeTime: 28/05/2012 21:48:31, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 23,040, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x10000000061fa, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7212904 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\sysntfy.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7213019 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\sysntfy.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:52:25, LastAccessTime: 14/07/2009 00:52:25, LastWriteTime: 14/07/2009 02:41:54, ChangeTime: 28/05/2012 21:48:31, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 23,040, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x10000000061fa, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7213175 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\sysntfy.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.7213479 MsMpEng.exe 1180 CloseFile C:\Windows\System32\sysntfy.dll SUCCESS Antimalware Service Executable >15:53:49.7213889 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7214021 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 19/07/2017 15:45:28, ChangeTime: 19/07/2017 15:45:28, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x6600000002f75d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7214156 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS LibreOffice >15:53:49.7217629 cistray.exe 5104 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read COMODO Internet Security >15:53:49.7217822 cistray.exe 5104 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode REPARSE Desired Access: Read Read COMODO Internet Security >15:53:49.7218044 cistray.exe 5104 RegOpenKey HKLM\System\CurrentControlSet\Services\CmdAgent\Mode SUCCESS Desired Access: Read Read COMODO Internet Security >15:53:49.7218274 cistray.exe 5104 RegCloseKey HKLM\System\CurrentControlSet\services\cmdAgent\Mode SUCCESS COMODO Internet Security >15:53:49.7218848 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7220819 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7221028 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:43, LastAccessTime: 19/07/2017 15:45:43, LastWriteTime: 19/07/2017 15:45:43, ChangeTime: 19/07/2017 15:45:43, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x5000000003165b, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7221254 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS LibreOffice >15:53:49.7229345 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7229522 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7229723 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\bz2 NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7230158 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7230269 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7230437 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\bz2 NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7230651 Explorer.EXE 2524 CreateFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Windows Explorer >15:53:49.7231176 Explorer.EXE 2524 QueryBasicInformationFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS CreationTime: 16/08/2014 13:25:40, LastAccessTime: 13/07/2017 14:10:07, LastWriteTime: 11/07/2017 12:37:00, ChangeTime: 13/07/2017 14:10:07, FileAttributes: A Read Metadata Windows Explorer >15:53:49.7231509 Explorer.EXE 2524 CloseFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS Windows Explorer >15:53:49.7234350 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7236250 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7236476 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7236718 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7237022 Explorer.EXE 2524 CreateFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened Windows Explorer >15:53:49.7237777 Explorer.EXE 2524 CreateFileMapping C:\Program Files\COMODO\COMODO Internet Security\cistray.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: Windows Explorer >15:53:49.7238098 Explorer.EXE 2524 QueryStandardInformationFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS AllocationSize: 1,490,944, EndOfFile: 1,489,088, NumberOfLinks: 1, DeletePending: False, Directory: False Read Metadata Windows Explorer >15:53:49.7238676 Explorer.EXE 2524 CreateFileMapping C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS SyncType: SyncTypeOther Windows Explorer >15:53:49.7239682 Explorer.EXE 2524 CloseFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS Windows Explorer >15:53:49.7240405 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7241575 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7241800 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 20,480, EndOfFile: 18,473, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x8100000002fad0, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7241989 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS LibreOffice >15:53:49.7242560 MsMpEng.exe 1180 CreateFile C:\Windows\System32\wmsgapi.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.7244633 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\wmsgapi.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7244871 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\wmsgapi.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:52:25, LastAccessTime: 14/07/2009 00:52:25, LastWriteTime: 14/07/2009 02:41:57, ChangeTime: 28/05/2012 21:48:51, FileAttributes: A, AllocationSize: 16,384, EndOfFile: 14,848, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x10000000063bd, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7245101 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\wmsgapi.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7245269 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\wmsgapi.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:52:25, LastAccessTime: 14/07/2009 00:52:25, LastWriteTime: 14/07/2009 02:41:57, ChangeTime: 28/05/2012 21:48:51, FileAttributes: A, AllocationSize: 16,384, EndOfFile: 14,848, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x10000000063bd, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7245442 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\wmsgapi.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.7245897 MsMpEng.exe 1180 CloseFile C:\Windows\System32\wmsgapi.dll SUCCESS Antimalware Service Executable >15:53:49.7247437 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7247872 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7248077 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 20,480, EndOfFile: 18,473, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x8100000002fad0, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7248332 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS LibreOffice >15:53:49.7249477 Explorer.EXE 2524 CreateFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Windows Explorer >15:53:49.7249998 Explorer.EXE 2524 QueryBasicInformationFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS CreationTime: 16/08/2014 13:25:40, LastAccessTime: 13/07/2017 14:10:07, LastWriteTime: 11/07/2017 12:37:00, ChangeTime: 13/07/2017 14:10:07, FileAttributes: A Read Metadata Windows Explorer >15:53:49.7250319 Explorer.EXE 2524 CloseFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS Windows Explorer >15:53:49.7253603 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\bz2.cpython-33.pyc NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.7255274 Explorer.EXE 2524 CreateFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened Windows Explorer >15:53:49.7256247 Explorer.EXE 2524 CreateFileMapping C:\Program Files\COMODO\COMODO Internet Security\cistray.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: Windows Explorer >15:53:49.7256546 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7256554 Explorer.EXE 2524 QueryStandardInformationFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS AllocationSize: 1,490,944, EndOfFile: 1,489,088, NumberOfLinks: 1, DeletePending: False, Directory: False Read Metadata Windows Explorer >15:53:49.7257031 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7257141 Explorer.EXE 2524 CreateFileMapping C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS SyncType: SyncTypeOther Windows Explorer >15:53:49.7257232 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 20,480, EndOfFile: 18,473, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x8100000002fad0, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7257638 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7257811 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 20,480, EndOfFile: 18,473, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x8100000002fad0, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7258028 Explorer.EXE 2524 CloseFile C:\Program Files\COMODO\COMODO Internet Security\cistray.exe SUCCESS Windows Explorer >15:53:49.7258086 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS Offset: 0, Length: 18,473, Priority: Normal Read LibreOffice >15:53:49.7258472 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py END OF FILE Offset: 18,473, Length: 1 Read LibreOffice >15:53:49.7258652 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS LibreOffice >15:53:49.7294576 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7294946 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7295106 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 20,480, EndOfFile: 18,473, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x8100000002fad0, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7295270 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\bz2.py SUCCESS LibreOffice >15:53:49.7297980 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7299548 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7299675 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ BUFFER OVERFLOW CreationTime: 16/08/2017 16:36:08, LastAccessTime: 16/08/2017 16:36:09, LastWriteTime: 16/08/2017 16:36:09, ChangeTime: 16/08/2017 16:36:09, FileAttributes: D, AllocationSize: 8,192, EndOfFile: 8,192, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x1100000007e4a4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7299815 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS LibreOffice >15:53:49.7303357 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\bz2.cpython-33.pyc.347223584 ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.7305233 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7305389 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7305586 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\_bz2 NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7305997 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7306100 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7306252 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\_bz2 NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7308637 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7310250 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7310385 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7310529 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7313485 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7315041 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7315168 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:32, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 19/07/2017 15:45:32, ChangeTime: 19/07/2017 15:45:32, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x10000000030d39, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7315299 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS LibreOffice >15:53:49.7318969 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7319380 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7319544 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program BUFFER OVERFLOW CreationTime: 19/07/2017 15:44:49, LastAccessTime: 19/07/2017 15:47:48, LastWriteTime: 19/07/2017 15:47:48, ChangeTime: 19/07/2017 15:47:48, FileAttributes: D, AllocationSize: 81,920, EndOfFile: 81,920, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x7800000001b800, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7319749 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS LibreOffice >15:53:49.7321662 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7323079 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7323198 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 19/07/2017 15:45:28, ChangeTime: 19/07/2017 15:45:28, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x6600000002f75d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7323337 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS LibreOffice >15:53:49.7327184 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7328723 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7328842 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:43, LastAccessTime: 19/07/2017 15:45:43, LastWriteTime: 19/07/2017 15:45:43, ChangeTime: 19/07/2017 15:45:43, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x5000000003165b, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7328974 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS LibreOffice >15:53:49.7335300 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7335464 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7335657 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\pwd NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7336076 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7336174 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7336330 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\pwd NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7338863 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7340456 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7340599 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7340747 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7343748 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7345304 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7345427 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:32, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 19/07/2017 15:45:32, ChangeTime: 19/07/2017 15:45:32, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x10000000030d39, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7345567 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS LibreOffice >15:53:49.7349175 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7349467 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7349590 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program BUFFER OVERFLOW CreationTime: 19/07/2017 15:44:49, LastAccessTime: 19/07/2017 15:47:48, LastWriteTime: 19/07/2017 15:47:48, ChangeTime: 19/07/2017 15:47:48, FileAttributes: D, AllocationSize: 81,920, EndOfFile: 81,920, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x7800000001b800, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7349807 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS LibreOffice >15:53:49.7351741 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7353190 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7353317 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 19/07/2017 15:45:28, ChangeTime: 19/07/2017 15:45:28, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x6600000002f75d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7353449 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS LibreOffice >15:53:49.7357303 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7358871 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7358995 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:43, LastAccessTime: 19/07/2017 15:45:43, LastWriteTime: 19/07/2017 15:45:43, ChangeTime: 19/07/2017 15:45:43, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x5000000003165b, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7359126 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS LibreOffice >15:53:49.7365534 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7365690 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7365879 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\grp NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7366244 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7366343 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7366495 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\grp NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7369032 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7370625 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7370772 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7370916 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7373950 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7375510 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7375637 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:32, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 19/07/2017 15:45:32, ChangeTime: 19/07/2017 15:45:32, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x10000000030d39, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7375789 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS LibreOffice >15:53:49.7379393 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7379681 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7379800 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program BUFFER OVERFLOW CreationTime: 19/07/2017 15:44:49, LastAccessTime: 19/07/2017 15:47:48, LastWriteTime: 19/07/2017 15:47:48, ChangeTime: 19/07/2017 15:47:48, FileAttributes: D, AllocationSize: 81,920, EndOfFile: 81,920, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x7800000001b800, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7379931 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS LibreOffice >15:53:49.7381676 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7383223 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7383351 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 19/07/2017 15:45:28, ChangeTime: 19/07/2017 15:45:28, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x6600000002f75d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7383486 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS LibreOffice >15:53:49.7387353 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7388901 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7389024 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:43, LastAccessTime: 19/07/2017 15:45:43, LastWriteTime: 19/07/2017 15:45:43, ChangeTime: 19/07/2017 15:45:43, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x5000000003165b, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7389151 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS LibreOffice >15:53:49.7406212 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7406393 MsMpEng.exe 1180 CreateFile C:\Windows\System32\pcwum.dll SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.7406430 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7406651 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\fcntl NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7407078 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7407181 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7407395 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\fcntl NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7408782 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\pcwum.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7409086 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\pcwum.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:19:25, LastAccessTime: 14/07/2009 00:19:25, LastWriteTime: 14/07/2009 02:41:53, ChangeTime: 28/05/2012 21:48:18, FileAttributes: A, AllocationSize: 36,864, EndOfFile: 36,864, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005fef, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7409349 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\pcwum.dll SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7409554 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\pcwum.dll BUFFER OVERFLOW CreationTime: 14/07/2009 00:19:25, LastAccessTime: 14/07/2009 00:19:25, LastWriteTime: 14/07/2009 02:41:53, ChangeTime: 28/05/2012 21:48:18, FileAttributes: A, AllocationSize: 36,864, EndOfFile: 36,864, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x1000000005fef, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7409808 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\pcwum.dll SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.7410219 MsMpEng.exe 1180 CloseFile C:\Windows\System32\pcwum.dll SUCCESS Antimalware Service Executable >15:53:49.7410703 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7412341 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7412477 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7412624 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7415896 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7417489 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7417620 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:32, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 19/07/2017 15:45:32, ChangeTime: 19/07/2017 15:45:32, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x10000000030d39, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7417764 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\site-packages SUCCESS LibreOffice >15:53:49.7422144 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7422444 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7422575 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program BUFFER OVERFLOW CreationTime: 19/07/2017 15:44:49, LastAccessTime: 19/07/2017 15:47:48, LastWriteTime: 19/07/2017 15:47:48, ChangeTime: 19/07/2017 15:47:48, FileAttributes: D, AllocationSize: 81,920, EndOfFile: 81,920, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x7800000001b800, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7422715 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program SUCCESS LibreOffice >15:53:49.7424074 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7425428 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7425548 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 19/07/2017 15:45:28, ChangeTime: 19/07/2017 15:45:28, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x6600000002f75d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7425683 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0 SUCCESS LibreOffice >15:53:49.7429575 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7431126 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7431246 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:43, LastAccessTime: 19/07/2017 15:45:43, LastWriteTime: 19/07/2017 15:45:43, ChangeTime: 19/07/2017 15:45:43, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x5000000003165b, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7431377 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\share\extensions\dict-en\pythonpath SUCCESS LibreOffice >15:53:49.7435388 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7435560 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7435757 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\contextlib NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7436180 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7436291 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7436496 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\contextlib NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7439086 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7440696 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7440835 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7440975 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7444086 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7444427 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7444554 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 9,125, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xf00000002fc7d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7444702 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS LibreOffice >15:53:49.7448224 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7448602 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7448734 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 9,125, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xf00000002fc7d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7448873 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS LibreOffice >15:53:49.7452005 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\contextlib.cpython-33.pyc NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.7454382 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7454776 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7454904 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 9,125, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xf00000002fc7d, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7455191 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7455302 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 9,125, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xf00000002fc7d, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7455491 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS Offset: 0, Length: 9,125, Priority: Normal Read LibreOffice >15:53:49.7455815 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py END OF FILE Offset: 9,125, Length: 1 Read LibreOffice >15:53:49.7455983 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS LibreOffice >15:53:49.7474124 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7474596 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7474777 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:54, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:54, ChangeTime: 19/07/2017 15:45:28, FileAttributes: A, AllocationSize: 12,288, EndOfFile: 9,125, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xf00000002fc7d, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7474941 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\contextlib.py SUCCESS LibreOffice >15:53:49.7477749 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7479309 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7479440 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ BUFFER OVERFLOW CreationTime: 16/08/2017 16:36:08, LastAccessTime: 16/08/2017 16:36:09, LastWriteTime: 16/08/2017 16:36:09, ChangeTime: 16/08/2017 16:36:09, FileAttributes: D, AllocationSize: 8,192, EndOfFile: 8,192, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x1100000007e4a4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7479584 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS LibreOffice >15:53:49.7483422 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\contextlib.cpython-33.pyc.347679696 ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.7486694 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7486858 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7487051 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\urllib.error NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7487449 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7487548 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7487700 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\urllib.error NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7490261 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7491875 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7492022 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:33, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 19/07/2017 15:45:33, ChangeTime: 19/07/2017 15:45:33, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x17000000030eb2, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7492170 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS LibreOffice >15:53:49.7495126 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7495885 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7496021 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 2,570, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x35000000030ec5, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7496169 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS LibreOffice >15:53:49.7500487 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7500910 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7501111 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 2,570, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x35000000030ec5, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7501345 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS LibreOffice >15:53:49.7502675 MsMpEng.exe 1180 CreateFile C:\Windows\System32\svchost.exe SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened Antimalware Service Executable >15:53:49.7503324 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\__pycache__\error.cpython-33.pyc PATH NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.7504662 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\svchost.exe SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7504896 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\svchost.exe BUFFER OVERFLOW CreationTime: 28/05/2012 08:15:18, LastAccessTime: 28/05/2012 08:15:18, LastWriteTime: 01/03/2011 09:07:49, ChangeTime: 28/05/2012 08:19:19, FileAttributes: A, AllocationSize: 28,672, EndOfFile: 27,648, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x60000000263bb, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7505118 MsMpEng.exe 1180 QueryInformationVolume C:\Windows\System32\svchost.exe SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: Antimalware Service Executable >15:53:49.7505299 MsMpEng.exe 1180 QueryAllInformationFile C:\Windows\System32\svchost.exe BUFFER OVERFLOW CreationTime: 28/05/2012 08:15:18, LastAccessTime: 28/05/2012 08:15:18, LastWriteTime: 01/03/2011 09:07:49, ChangeTime: 28/05/2012 08:19:19, FileAttributes: A, AllocationSize: 28,672, EndOfFile: 27,648, NumberOfLinks: 2, DeletePending: False, Directory: False, IndexNumber: 0x60000000263bb, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata Antimalware Service Executable >15:53:49.7505553 MsMpEng.exe 1180 FileSystemControl C:\Windows\System32\svchost.exe SUCCESS Control: FSCTL_READ_FILE_USN_DATA Read Metadata Antimalware Service Executable >15:53:49.7505959 MsMpEng.exe 1180 CloseFile C:\Windows\System32\svchost.exe SUCCESS Antimalware Service Executable >15:53:49.7506271 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7506739 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7506863 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 2,570, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x35000000030ec5, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7507146 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7507253 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 2,570, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x35000000030ec5, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7507400 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS Offset: 0, Length: 2,570, Priority: Normal Read LibreOffice >15:53:49.7507716 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py END OF FILE Offset: 2,570, Length: 8,192 Read LibreOffice >15:53:49.7507893 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS LibreOffice >15:53:49.7517273 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7517643 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7517795 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 2,570, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x35000000030ec5, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7517959 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\error.py SUCCESS LibreOffice >15:53:49.7520410 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\__pycache__ NAME NOT FOUND Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a LibreOffice >15:53:49.7523353 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7524962 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7525094 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:33, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 19/07/2017 15:45:33, ChangeTime: 19/07/2017 15:45:33, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x17000000030eb2, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7525233 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS LibreOffice >15:53:49.7528000 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\__pycache__ ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.7529679 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7529847 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7530073 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\urllib.response NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7530504 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7530652 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7530833 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\urllib.response NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7533567 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7535151 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7535291 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:33, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 19/07/2017 15:45:33, ChangeTime: 19/07/2017 15:45:33, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x17000000030eb2, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7535439 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS LibreOffice >15:53:49.7538362 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7539146 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7539289 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,021, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x33000000030ece, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7539433 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS LibreOffice >15:53:49.7542401 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7542684 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7542807 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,021, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x33000000030ece, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7543033 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS LibreOffice >15:53:49.7544207 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\__pycache__\response.cpython-33.pyc PATH NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.7547947 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7548358 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7548489 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,021, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x33000000030ece, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7548768 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7548875 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,021, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x33000000030ece, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7549019 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS Offset: 0, Length: 3,021, Priority: Normal Read LibreOffice >15:53:49.7549372 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py END OF FILE Offset: 3,021, Length: 8,192 Read LibreOffice >15:53:49.7549560 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS LibreOffice >15:53:49.7560226 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7561519 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7561683 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:07:00, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 17/06/2017 01:07:00, ChangeTime: 19/07/2017 15:45:33, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 3,021, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x33000000030ece, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7561843 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\response.py SUCCESS LibreOffice >15:53:49.7565008 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\__pycache__ NAME NOT FOUND Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a LibreOffice >15:53:49.7567783 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7569380 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7569528 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:33, LastAccessTime: 19/07/2017 15:45:33, LastWriteTime: 19/07/2017 15:45:33, ChangeTime: 19/07/2017 15:45:33, FileAttributes: D, AllocationSize: 4,096, EndOfFile: 4,096, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x17000000030eb2, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7569672 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib SUCCESS LibreOffice >15:53:49.7572438 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\urllib\__pycache__ ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.7576408 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7576585 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7576790 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\ssl NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7577127 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7577291 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7577508 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\ssl NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7580546 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7582139 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7582279 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7582430 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7585329 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7585628 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7585764 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 24,326, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x9e000000030d95, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7585903 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS LibreOffice >15:53:49.7588884 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7589171 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7589290 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 24,326, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x9e000000030d95, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7589434 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS LibreOffice >15:53:49.7592509 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\ssl.cpython-33.pyc NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a LibreOffice >15:53:49.7594824 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7595218 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7595341 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 24,326, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x9e000000030d95, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7595612 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7595727 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 24,326, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x9e000000030d95, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7595916 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS Offset: 0, Length: 24,326, Priority: Normal Read LibreOffice >15:53:49.7596166 soffice.bin 7992 ReadFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py END OF FILE Offset: 24,326, Length: 1 Read LibreOffice >15:53:49.7596331 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS LibreOffice >15:53:49.7641163 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7641586 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7641762 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py BUFFER OVERFLOW CreationTime: 17/06/2017 01:06:56, LastAccessTime: 19/07/2017 15:45:32, LastWriteTime: 17/06/2017 01:06:56, ChangeTime: 19/07/2017 15:45:32, FileAttributes: A, AllocationSize: 24,576, EndOfFile: 24,326, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x9e000000030d95, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7641931 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\ssl.py SUCCESS LibreOffice >15:53:49.7644689 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7646266 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7646393 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ BUFFER OVERFLOW CreationTime: 16/08/2017 16:36:08, LastAccessTime: 16/08/2017 16:36:09, LastWriteTime: 16/08/2017 16:36:09, ChangeTime: 16/08/2017 16:36:09, FileAttributes: D, AllocationSize: 8,192, EndOfFile: 8,192, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x1100000007e4a4, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7646533 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__ SUCCESS LibreOffice >15:53:49.7650026 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\__pycache__\ssl.cpython-33.pyc.347659936 ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0 Write LibreOffice >15:53:49.7651787 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7651943 soffice.bin 7992 RegQueryKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000 SUCCESS Query: Name Read LibreOffice >15:53:49.7652132 soffice.bin 7992 RegOpenKey HKU\S-1-5-21-1932762923-1623954500-4149157053-1000\Software\Python\PythonCore\3.3\Modules\_ssl NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7652506 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 Read LibreOffice >15:53:49.7652608 soffice.bin 7992 RegQueryKey HKLM SUCCESS Query: Name Read LibreOffice >15:53:49.7652768 soffice.bin 7992 RegOpenKey HKLM\Software\Wow6432Node\Python\PythonCore\3.3\Modules\_ssl NAME NOT FOUND Desired Access: Read Read LibreOffice >15:53:49.7655153 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7656767 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7656902 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib BUFFER OVERFLOW CreationTime: 19/07/2017 15:45:28, LastAccessTime: 30/08/2017 12:59:14, LastWriteTime: 30/08/2017 12:59:14, ChangeTime: 30/08/2017 12:59:14, FileAttributes: D, AllocationSize: 65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x3400000002f951, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7657038 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib SUCCESS LibreOffice >15:53:49.7659850 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: None, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7660153 soffice.bin 7992 QueryInformationVolume C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS VolumeCreationTime: 28/05/2012 21:45:08, VolumeSerialNumber: 54C5-727D, SupportsObjects: True, VolumeLabel: LibreOffice >15:53:49.7660281 soffice.bin 7992 QueryAllInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd BUFFER OVERFLOW CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A, AllocationSize: 49,152, EndOfFile: 49,152, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xb800000002f9bc, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Long Read Metadata LibreOffice >15:53:49.7660424 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.7666024 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7666287 soffice.bin 7992 QueryBasicInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A Read Metadata LibreOffice >15:53:49.7666422 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.7668725 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7669160 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: LibreOffice >15:53:49.7669296 soffice.bin 7992 QueryStandardInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS AllocationSize: 49,152, EndOfFile: 49,152, NumberOfLinks: 1, DeletePending: False, Directory: False Read Metadata LibreOffice >15:53:49.7669517 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS SyncType: SyncTypeOther LibreOffice >15:53:49.7669989 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.7674415 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7674653 soffice.bin 7992 QueryBasicInformationFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS CreationTime: 20/07/2017 15:24:01, LastAccessTime: 19/07/2017 15:45:28, LastWriteTime: 17/06/2017 01:06:52, ChangeTime: 30/08/2017 12:59:14, FileAttributes: A Read Metadata LibreOffice >15:53:49.7674764 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.7677071 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7677469 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: LibreOffice >15:53:49.7678495 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS SyncType: SyncTypeOther LibreOffice >15:53:49.7685478 soffice.bin 7992 Load Image C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS Image Base: 0x12cf0000, Image Size: 0xe000 LibreOffice >15:53:49.7686266 soffice.bin 7992 CloseFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_ssl.pyd SUCCESS LibreOffice >15:53:49.7690778 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7693307 soffice.bin 7992 CreateFile C:\Windows\SysWOW64\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7698327 soffice.bin 7992 CreateFile C:\Windows\system\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7702010 soffice.bin 7992 CreateFile C:\Windows\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7708315 soffice.bin 7992 CreateFile C:\Program Files (x86)\LibreOffice 5\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7714584 soffice.bin 7992 CreateFile C:\ProgramData\Oracle\Java\javapath\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7720503 soffice.bin 7992 CreateFile C:\Program Files (x86)\PC Connectivity Solution\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7727568 soffice.bin 7992 CreateFile C:\Perl64\site\bin\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7733525 soffice.bin 7992 CreateFile C:\Perl64\bin\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7739379 soffice.bin 7992 CreateFile C:\Program Files\Common Files\Microsoft Shared\Windows Live\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7745139 soffice.bin 7992 CreateFile C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\LIBEAY32.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a LibreOffice >15:53:49.7751038 soffice.bin 7992 CreateFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7751300 soffice.bin 7992 QueryBasicInformationFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS CreationTime: 06/03/2012 17:33:14, LastAccessTime: 28/05/2012 07:13:13, LastWriteTime: 06/03/2012 17:33:14, ChangeTime: 28/05/2012 07:13:13, FileAttributes: A Read Metadata LibreOffice >15:53:49.7751419 soffice.bin 7992 CloseFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS LibreOffice >15:53:49.7754560 soffice.bin 7992 CreateFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened LibreOffice >15:53:49.7755007 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: LibreOffice >15:53:49.7756526 soffice.bin 7992 CreateFileMapping C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS SyncType: SyncTypeOther LibreOffice >15:53:49.7762319 soffice.bin 7992 Load Image C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS Image Base: 0x13010000, Image Size: 0x12b000 LibreOffice >15:53:49.7769749 soffice.bin 7992 CloseFile C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll SUCCESS LibreOffice
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=135883">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 109241
:
135759
|
135882
| 135883 |
135884