Лог ProcMon
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:54:16.1354428","TOTALCMD.EXE","2924","CreateFile","C:\Users\desktop.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"10:54:16.1359470","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:16.1360067","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS","AllocationSize: 416, EndOfFile: 412, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:16.1360238","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS","Offset: 0, Length: 412, Priority: Normal"
"10:54:16.1360871","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS","CreationTime: 23.08.2015 23:52:14, LastAccessTime: 09.10.2016 10:52:07, LastWriteTime: 12.07.2016 13:04:06, ChangeTime: 12.07.2016 13:04:06, FileAttributes: HSA"
"10:54:16.1361042","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS",""
"10:54:16.1384065","TOTALCMD.EXE","2924","QueryDirectory","C:\Users\Debath\Contacts\desktop.ini","SUCCESS","Filter: desktop.ini, 1: desktop.ini"
"10:54:18.0189887","powerpro.exe","2936","QueryOpen","C:\Users\Debath\Contacts\desktop.ini","FAST IO DISALLOWED",""
"10:54:18.0192188","powerpro.exe","2936","CreateFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:18.0193735","powerpro.exe","2936","QueryBasicInformationFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS","CreationTime: 23.08.2015 23:52:14, LastAccessTime: 09.10.2016 10:54:16, LastWriteTime: 12.07.2016 13:04:06, ChangeTime: 12.07.2016 13:04:06, FileAttributes: HSA"
"10:54:18.0194423","powerpro.exe","2936","CloseFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS",""
"10:54:18.0198028","powerpro.exe","2936","QueryOpen","C:\Users\Debath\Contacts\desktop.ini","FAST IO DISALLOWED",""
"10:54:18.0200041","powerpro.exe","2936","CreateFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:18.0201264","powerpro.exe","2936","QueryBasicInformationFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS","CreationTime: 23.08.2015 23:52:14, LastAccessTime: 09.10.2016 10:54:16, LastWriteTime: 12.07.2016 13:04:06, ChangeTime: 12.07.2016 13:04:06, FileAttributes: HSA"
"10:54:18.0202010","powerpro.exe","2936","CloseFile","C:\Users\Debath\Contacts\desktop.ini","SUCCESS",""
"10:54:18.0697548","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Desktop\desktop.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:18.0699361","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Desktop\desktop.ini","SUCCESS","AllocationSize: 288, EndOfFile: 282, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:18.0699896","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Desktop\desktop.ini","SUCCESS","Offset: 0, Length: 282, Priority: Normal"
"10:54:18.0701374","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Desktop\desktop.ini","SUCCESS","CreationTime: 14.10.2015 9:51:47, LastAccessTime: 09.10.2016 10:52:07, LastWriteTime: 12.07.2016 13:04:06, ChangeTime: 12.07.2016 13:04:06, FileAttributes: HSA"
"10:54:18.0701909","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Desktop\desktop.ini","SUCCESS",""
"10:54:18.2756004","TOTALCMD.EXE","2924","QueryDirectory","C:\Users\Debath\Desktop\desktop.ini","SUCCESS","Filter: desktop.ini, 1: desktop.ini"
"10:54:21.3527685","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\desktop.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:21.3528286","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Documents\desktop.ini","SUCCESS","AllocationSize: 408, EndOfFile: 402, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:21.3528461","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\desktop.ini","SUCCESS","Offset: 0, Length: 402, Priority: Normal"
"10:54:21.3529079","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Documents\desktop.ini","SUCCESS","CreationTime: 23.08.2015 23:53:02, LastAccessTime: 09.10.2016 10:52:07, LastWriteTime: 03.07.2016 0:00:32, ChangeTime: 12.07.2016 23:01:01, FileAttributes: HSA"
"10:54:21.3529243","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Documents\desktop.ini","SUCCESS",""
"10:54:21.3673617","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\Axialis Librarian\desktop.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:21.3674858","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Documents\Axialis Librarian\desktop.ini","SUCCESS","AllocationSize: 80, EndOfFile: 75, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:21.3675037","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\desktop.ini","SUCCESS","Offset: 0, Length: 75, Priority: Normal"
"10:54:21.3675477","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\desktop.ini","SUCCESS","Offset: 0, Length: 75, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"10:54:21.3675979","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Documents\Axialis Librarian\desktop.ini","SUCCESS","CreationTime: 24.08.2015 15:22:21, LastAccessTime: 09.10.2016 10:51:48, LastWriteTime: 24.08.2015 15:22:21, ChangeTime: 01.10.2016 16:45:41, FileAttributes: A"
"10:54:21.3676147","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Documents\Axialis Librarian\desktop.ini","SUCCESS",""
"10:54:21.3741448","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\My Music\desktop.ini","REPARSE","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: <unknown>"
"10:54:21.3743264","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Music\DESKTOP.INI","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:21.3744142","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Music\desktop.ini","SUCCESS","AllocationSize: 504, EndOfFile: 504, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:21.3744345","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Music\desktop.ini","SUCCESS","Offset: 0, Length: 504, Priority: Normal"
"10:54:21.3745055","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Music\desktop.ini","SUCCESS","CreationTime: 23.08.2015 23:53:02, LastAccessTime: 09.10.2016 10:52:07, LastWriteTime: 03.07.2016 0:00:31, ChangeTime: 28.08.2016 14:30:23, FileAttributes: HSA"
"10:54:21.3745226","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Music\desktop.ini","SUCCESS",""
"10:54:21.3771821","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\My Pictures\desktop.ini","REPARSE","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: <unknown>"
"10:54:21.3772647","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Pictures\DESKTOP.INI","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:21.3773313","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Pictures\desktop.ini","SUCCESS","AllocationSize: 504, EndOfFile: 504, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:21.3773492","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Pictures\desktop.ini","SUCCESS","Offset: 0, Length: 504, Priority: Normal"
"10:54:21.3774194","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Pictures\desktop.ini","SUCCESS","CreationTime: 23.08.2015 23:53:02, LastAccessTime: 09.10.2016 10:52:07, LastWriteTime: 03.07.2016 0:00:31, ChangeTime: 28.08.2016 14:30:23, FileAttributes: HSA"
"10:54:21.3774362","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Pictures\desktop.ini","SUCCESS",""
"10:54:21.3788574","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\My Videos\desktop.ini","REPARSE","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: <unknown>"
"10:54:21.3789459","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Videos\DESKTOP.INI","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:21.3790191","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Videos\desktop.ini","SUCCESS","AllocationSize: 504, EndOfFile: 504, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:21.3790402","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Videos\desktop.ini","SUCCESS","Offset: 0, Length: 504, Priority: Normal"
"10:54:21.3791108","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Videos\desktop.ini","SUCCESS","CreationTime: 23.08.2015 23:53:02, LastAccessTime: 09.10.2016 10:52:12, LastWriteTime: 03.07.2016 0:00:31, ChangeTime: 28.08.2016 14:30:22, FileAttributes: HSA"
"10:54:21.3791279","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Videos\desktop.ini","SUCCESS",""
"10:54:21.3813854","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\Scanned Documents\desktop.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:21.3815147","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Documents\Scanned Documents\desktop.ini","SUCCESS","AllocationSize: 88, EndOfFile: 81, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:21.3815314","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Scanned Documents\desktop.ini","SUCCESS","Offset: 0, Length: 81, Priority: Normal"
"10:54:21.3815711","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Scanned Documents\desktop.ini","SUCCESS","Offset: 0, Length: 81, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"10:54:21.3816203","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Documents\Scanned Documents\desktop.ini","SUCCESS","CreationTime: 20.01.2016 15:07:53, LastAccessTime: 09.10.2016 10:51:48, LastWriteTime: 20.01.2016 15:07:53, ChangeTime: 20.01.2016 15:07:53, FileAttributes: HS"
"10:54:21.3816381","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Documents\Scanned Documents\desktop.ini","SUCCESS",""
"10:54:21.3842870","TOTALCMD.EXE","2924","QueryDirectory","C:\Users\Debath\Documents\desktop.ini","SUCCESS","Filter: desktop.ini, 1: desktop.ini"
"10:54:23.7500021","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\Axialis Librarian\Deleted Items\desktop.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:23.7503956","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Documents\Axialis Librarian\Deleted Items\desktop.ini","SUCCESS","AllocationSize: 80, EndOfFile: 75, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:23.7504480","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\Deleted Items\desktop.ini","SUCCESS","Offset: 0, Length: 75, Priority: Normal"
"10:54:23.7505605","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\Deleted Items\desktop.ini","SUCCESS","Offset: 0, Length: 75, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"10:54:23.7506938","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Documents\Axialis Librarian\Deleted Items\desktop.ini","SUCCESS","CreationTime: 24.08.2015 15:22:21, LastAccessTime: 09.10.2016 10:51:48, LastWriteTime: 24.08.2015 15:22:21, ChangeTime: 24.08.2015 15:22:21, FileAttributes: A"
"10:54:23.7507473","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Documents\Axialis Librarian\Deleted Items\desktop.ini","SUCCESS",""
"10:54:23.7529727","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\Axialis Librarian\Icons\desktop.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:23.7533077","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Documents\Axialis Librarian\Icons\desktop.ini","SUCCESS","AllocationSize: 80, EndOfFile: 75, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:23.7533594","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\Icons\desktop.ini","SUCCESS","Offset: 0, Length: 75, Priority: Normal"
"10:54:23.7534726","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\Icons\desktop.ini","SUCCESS","Offset: 0, Length: 75, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"10:54:23.7536328","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Documents\Axialis Librarian\Icons\desktop.ini","SUCCESS","CreationTime: 24.08.2015 15:22:21, LastAccessTime: 09.10.2016 10:51:48, LastWriteTime: 24.08.2015 15:22:21, ChangeTime: 24.08.2015 15:22:21, FileAttributes: A"
"10:54:23.7536863","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Documents\Axialis Librarian\Icons\desktop.ini","SUCCESS",""
"10:54:23.7558066","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\Axialis Librarian\Media Files\desktop.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:23.7561484","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Documents\Axialis Librarian\Media Files\desktop.ini","SUCCESS","AllocationSize: 80, EndOfFile: 76, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:23.7562005","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\Media Files\desktop.ini","SUCCESS","Offset: 0, Length: 76, Priority: Normal"
"10:54:23.7563148","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\Media Files\desktop.ini","SUCCESS","Offset: 0, Length: 76, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"10:54:23.7564455","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Documents\Axialis Librarian\Media Files\desktop.ini","SUCCESS","CreationTime: 24.08.2015 15:22:21, LastAccessTime: 09.10.2016 10:51:48, LastWriteTime: 24.08.2015 15:22:21, ChangeTime: 24.08.2015 15:22:21, FileAttributes: A"
"10:54:23.7564979","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Documents\Axialis Librarian\Media Files\desktop.ini","SUCCESS",""
"10:54:23.7581846","TOTALCMD.EXE","2924","CreateFile","C:\Users\Debath\Documents\Axialis Librarian\Objects\desktop.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:54:23.7585140","TOTALCMD.EXE","2924","QueryStandardInformationFile","C:\Users\Debath\Documents\Axialis Librarian\Objects\desktop.ini","SUCCESS","AllocationSize: 80, EndOfFile: 76, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:54:23.7585628","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\Objects\desktop.ini","SUCCESS","Offset: 0, Length: 76, Priority: Normal"
"10:54:23.7586549","TOTALCMD.EXE","2924","ReadFile","C:\Users\Debath\Documents\Axialis Librarian\Objects\desktop.ini","SUCCESS","Offset: 0, Length: 76, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"10:54:23.7587645","TOTALCMD.EXE","2924","QueryBasicInformationFile","C:\Users\Debath\Documents\Axialis Librarian\Objects\desktop.ini","SUCCESS","CreationTime: 24.08.2015 15:22:21, LastAccessTime: 09.10.2016 10:51:48, LastWriteTime: 24.08.2015 15:22:21, ChangeTime: 24.08.2015 15:22:21, FileAttributes: A"
"10:54:23.7588158","TOTALCMD.EXE","2924","CloseFile","C:\Users\Debath\Documents\Axialis Librarian\Objects\desktop.ini","SUCCESS",""
"10:54:23.7624054","TOTALCMD.EXE","2924","QueryDirectory","C:\Users\Debath\Documents\Axialis Librarian\desktop.ini","SUCCESS","Filter: desktop.ini, 1: desktop.ini"