question

BKQcTheFirst avatar image
0 Votes"
BKQcTheFirst asked BKQcTheFirst published

External drives are continuously accessed by WmiPrvSe

For a couple weeks, I have had external devices connected through my USB port (1 HDD and 1 thumb drive) and recently, I realized that the activity leds are continuously flashing on both devices. I first though a some rogue software running so I started procmon only to discover that the only access being done is by wmiprvse which is interrogating the drives without interruption. Is it normal? Does it wear out my hard drive prematurely?

Here is an extract of the ProcMon log:

 13:57:21,8044791    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8046644    wmiprvse.exe    9188    QueryNameInformationFile    J:\    SUCCESS    Name: \
 13:57:21,8047894    wmiprvse.exe    9188    QueryInformationVolume    J:\    SUCCESS    VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
 13:57:21,8049017    wmiprvse.exe    9188    QueryAttributeInformationVolume    J:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:21,8050177    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:21,8054006    wmiprvse.exe    9188    CreateFile    J:    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8056637    wmiprvse.exe    9188    FileSystemControl    J:    SUCCESS    Control: FSCTL_IS_VOLUME_DIRTY
 13:57:21,8057901    wmiprvse.exe    9188    CloseFile    J:    SUCCESS    
 13:57:21,8060840    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8062398    wmiprvse.exe    9188    QuerySizeInformationVolume    J:\    SUCCESS    TotalAllocationUnits: 244 182 015, AvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:21,8063515    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:21,8066512    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8068062    wmiprvse.exe    9188    QueryNameInformationFile    J:\    SUCCESS    Name: \
 13:57:21,8069237    wmiprvse.exe    9188    QueryInformationVolume    J:\    SUCCESS    VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
 13:57:21,8070317    wmiprvse.exe    9188    QueryAttributeInformationVolume    J:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:21,8071370    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:21,8074412    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8076109    wmiprvse.exe    9188    QueryFullSizeInformationVolume    J:\    SUCCESS    TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:21,8077189    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:21,8080976    wmiprvse.exe    9188    QueryOpen    J:\    SUCCESS    CreationTime: 2011-09-02 21:22:07, LastAccessTime: 2021-08-12 13:42:26, LastWriteTime: 2021-08-12 11:48:12, ChangeTime: 2021-08-12 11:48:12, AllocationSize: 12 288, EndOfFile: 12 288, FileAttributes: HSD
 13:57:21,8098634    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8100409    wmiprvse.exe    9188    QueryNameInformationFile    J:\    SUCCESS    Name: \
 13:57:21,8101663    wmiprvse.exe    9188    QueryAttributeInformationVolume    J:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:21,8103389    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:21,8905045    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8907380    wmiprvse.exe    9188    QueryNameInformationFile    K:\    SUCCESS    Name: \
 13:57:21,8913781    wmiprvse.exe    9188    QueryInformationVolume    K:\    SUCCESS    VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
 13:57:21,8915109    wmiprvse.exe    9188    QueryAttributeInformationVolume    K:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:21,8916239    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:21,8919824    wmiprvse.exe    9188    CreateFile    K:    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8922382    wmiprvse.exe    9188    FileSystemControl    K:    SUCCESS    Control: FSCTL_IS_VOLUME_DIRTY
 13:57:21,8923663    wmiprvse.exe    9188    CloseFile    K:    SUCCESS    
 13:57:21,8935796    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8937520    wmiprvse.exe    9188    QuerySizeInformationVolume    K:\    SUCCESS    TotalAllocationUnits: 1 889 615, AvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:21,8938673    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:21,8941694    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8943233    wmiprvse.exe    9188    QueryNameInformationFile    K:\    SUCCESS    Name: \
 13:57:21,8944748    wmiprvse.exe    9188    QueryInformationVolume    K:\    SUCCESS    VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
 13:57:21,8945847    wmiprvse.exe    9188    QueryAttributeInformationVolume    K:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:21,8946910    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:21,8951276    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8952797    wmiprvse.exe    9188    QueryFullSizeInformationVolume    K:\    SUCCESS    TotalAllocationUnits: 1 889 615, CallerAvailableAllocationUnits: 428 391, ActualAvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:21,8953872    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:21,8956995    wmiprvse.exe    9188    QueryOpen    K:\    SUCCESS    CreationTime: 2021-06-26 17:53:24, LastAccessTime: 2021-08-12 13:42:25, LastWriteTime: 2021-08-05 22:44:56, ChangeTime: 2021-08-05 22:50:34, AllocationSize: 4 096, EndOfFile: 4 096, FileAttributes: HSD
 13:57:21,8973314    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,8975172    wmiprvse.exe    9188    QueryNameInformationFile    K:\    SUCCESS    Name: \
 13:57:21,8976586    wmiprvse.exe    9188    QueryAttributeInformationVolume    K:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:21,8977752    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:21,9009866    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,9011679    wmiprvse.exe    9188    QueryNameInformationFile    J:\    SUCCESS    Name: \
 13:57:21,9012961    wmiprvse.exe    9188    QueryInformationVolume    J:\    SUCCESS    VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
 13:57:21,9014088    wmiprvse.exe    9188    QueryAttributeInformationVolume    J:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:21,9015273    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:21,9019594    wmiprvse.exe    9188    CreateFile    J:    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,9022089    wmiprvse.exe    9188    FileSystemControl    J:    SUCCESS    Control: FSCTL_IS_VOLUME_DIRTY
 13:57:21,9023363    wmiprvse.exe    9188    CloseFile    J:    SUCCESS    
 13:57:21,9026694    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,9028308    wmiprvse.exe    9188    QuerySizeInformationVolume    J:\    SUCCESS    TotalAllocationUnits: 244 182 015, AvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:21,9029477    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:21,9032519    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,9034132    wmiprvse.exe    9188    QueryNameInformationFile    J:\    SUCCESS    Name: \
 13:57:21,9035420    wmiprvse.exe    9188    QueryInformationVolume    J:\    SUCCESS    VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
 13:57:21,9036510    wmiprvse.exe    9188    QueryAttributeInformationVolume    J:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:21,9037590    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:21,9041054    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,9042632    wmiprvse.exe    9188    QueryFullSizeInformationVolume    J:\    SUCCESS    TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:21,9043801    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:21,9046791    wmiprvse.exe    9188    QueryOpen    J:\    SUCCESS    CreationTime: 2011-09-02 21:22:07, LastAccessTime: 2021-08-12 13:42:26, LastWriteTime: 2021-08-12 11:48:12, ChangeTime: 2021-08-12 11:48:12, AllocationSize: 12 288, EndOfFile: 12 288, FileAttributes: HSD
 13:57:21,9061774    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:21,9063532    wmiprvse.exe    9188    QueryNameInformationFile    J:\    SUCCESS    Name: \
 13:57:21,9065029    wmiprvse.exe    9188    QueryAttributeInformationVolume    J:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:21,9078130    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:22,0784361    WDDriveService.exe    7620    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
 13:57:22,0785807    WDDriveService.exe    7620    QueryFullSizeInformationVolume    J:\    SUCCESS    TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:22,0787900    WDDriveService.exe    7620    CloseFile    J:\    SUCCESS    
 13:57:22,0789467    WDDriveService.exe    7620    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
 13:57:22,0790800    WDDriveService.exe    7620    QueryFullSizeInformationVolume    J:\    SUCCESS    TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:22,0791252    WDDriveService.exe    7620    CloseFile    J:\    SUCCESS    
 13:57:23,9005715    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9007334    wmiprvse.exe    9188    QueryNameInformationFile    K:\    SUCCESS    Name: \
 13:57:23,9008571    wmiprvse.exe    9188    QueryInformationVolume    K:\    SUCCESS    VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
 13:57:23,9009673    wmiprvse.exe    9188    QueryAttributeInformationVolume    K:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:23,9010741    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:23,9014739    wmiprvse.exe    9188    CreateFile    K:    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9017189    wmiprvse.exe    9188    FileSystemControl    K:    SUCCESS    Control: FSCTL_IS_VOLUME_DIRTY
 13:57:23,9018437    wmiprvse.exe    9188    CloseFile    K:    SUCCESS    
 13:57:23,9021410    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9022940    wmiprvse.exe    9188    QuerySizeInformationVolume    K:\    SUCCESS    TotalAllocationUnits: 1 889 615, AvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:23,9024003    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:23,9026988    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9028501    wmiprvse.exe    9188    QueryNameInformationFile    K:\    SUCCESS    Name: \
 13:57:23,9029684    wmiprvse.exe    9188    QueryInformationVolume    K:\    SUCCESS    VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
 13:57:23,9030753    wmiprvse.exe    9188    QueryAttributeInformationVolume    K:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:23,9031815    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:23,9035424    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9036951    wmiprvse.exe    9188    QueryFullSizeInformationVolume    K:\    SUCCESS    TotalAllocationUnits: 1 889 615, CallerAvailableAllocationUnits: 428 391, ActualAvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:23,9038028    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:23,9040736    wmiprvse.exe    9188    QueryOpen    K:\    SUCCESS    CreationTime: 2021-06-26 17:53:24, LastAccessTime: 2021-08-12 13:42:25, LastWriteTime: 2021-08-05 22:44:56, ChangeTime: 2021-08-05 22:50:34, AllocationSize: 4 096, EndOfFile: 4 096, FileAttributes: HSD
 13:57:23,9053972    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9055739    wmiprvse.exe    9188    QueryNameInformationFile    K:\    SUCCESS    Name: \
 13:57:23,9056936    wmiprvse.exe    9188    QueryAttributeInformationVolume    K:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:23,9058046    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:23,9080604    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9082317    wmiprvse.exe    9188    QueryNameInformationFile    J:\    SUCCESS    Name: \
 13:57:23,9083542    wmiprvse.exe    9188    QueryInformationVolume    J:\    SUCCESS    VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
 13:57:23,9084731    wmiprvse.exe    9188    QueryAttributeInformationVolume    J:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:23,9085818    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:23,9089425    wmiprvse.exe    9188    CreateFile    J:    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9091953    wmiprvse.exe    9188    FileSystemControl    J:    SUCCESS    Control: FSCTL_IS_VOLUME_DIRTY
 13:57:23,9093326    wmiprvse.exe    9188    CloseFile    J:    SUCCESS    
 13:57:23,9096660    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9098299    wmiprvse.exe    9188    QuerySizeInformationVolume    J:\    SUCCESS    TotalAllocationUnits: 244 182 015, AvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:23,9099418    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:23,9102304    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9103937    wmiprvse.exe    9188    QueryNameInformationFile    J:\    SUCCESS    Name: \
 13:57:23,9105373    wmiprvse.exe    9188    QueryInformationVolume    J:\    SUCCESS    VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
 13:57:23,9106443    wmiprvse.exe    9188    QueryAttributeInformationVolume    J:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:23,9107580    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:23,9110796    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9112378    wmiprvse.exe    9188    QueryFullSizeInformationVolume    J:\    SUCCESS    TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:23,9113439    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:23,9116350    wmiprvse.exe    9188    QueryOpen    J:\    SUCCESS    CreationTime: 2011-09-02 21:22:07, LastAccessTime: 2021-08-12 13:42:26, LastWriteTime: 2021-08-12 11:48:12, ChangeTime: 2021-08-12 11:48:12, AllocationSize: 12 288, EndOfFile: 12 288, FileAttributes: HSD
 13:57:23,9132420    wmiprvse.exe    9188    CreateFile    J:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9134125    wmiprvse.exe    9188    QueryNameInformationFile    J:\    SUCCESS    Name: \
 13:57:23,9135500    wmiprvse.exe    9188    QueryAttributeInformationVolume    J:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:23,9136684    wmiprvse.exe    9188    CloseFile    J:\    SUCCESS    
 13:57:23,9788988    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9790677    wmiprvse.exe    9188    QueryNameInformationFile    K:\    SUCCESS    Name: \
 13:57:23,9791927    wmiprvse.exe    9188    QueryInformationVolume    K:\    SUCCESS    VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
 13:57:23,9792977    wmiprvse.exe    9188    QueryAttributeInformationVolume    K:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:23,9794066    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:23,9797680    wmiprvse.exe    9188    CreateFile    K:    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9800154    wmiprvse.exe    9188    FileSystemControl    K:    SUCCESS    Control: FSCTL_IS_VOLUME_DIRTY
 13:57:23,9801426    wmiprvse.exe    9188    CloseFile    K:    SUCCESS    
 13:57:23,9804385    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9806115    wmiprvse.exe    9188    QuerySizeInformationVolume    K:\    SUCCESS    TotalAllocationUnits: 1 889 615, AvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:23,9807215    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:23,9810127    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9811655    wmiprvse.exe    9188    QueryNameInformationFile    K:\    SUCCESS    Name: \
 13:57:23,9812863    wmiprvse.exe    9188    QueryInformationVolume    K:\    SUCCESS    VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
 13:57:23,9813918    wmiprvse.exe    9188    QueryAttributeInformationVolume    K:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:23,9815264    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:23,9818502    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9820032    wmiprvse.exe    9188    QueryFullSizeInformationVolume    K:\    SUCCESS    TotalAllocationUnits: 1 889 615, CallerAvailableAllocationUnits: 428 391, ActualAvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
 13:57:23,9821124    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
 13:57:23,9823830    wmiprvse.exe    9188    QueryOpen    K:\    SUCCESS    CreationTime: 2021-06-26 17:53:24, LastAccessTime: 2021-08-12 13:42:25, LastWriteTime: 2021-08-05 22:44:56, ChangeTime: 2021-08-05 22:50:34, AllocationSize: 4 096, EndOfFile: 4 096, FileAttributes: HSD
 13:57:23,9837985    wmiprvse.exe    9188    CreateFile    K:\    SUCCESS    Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating:  MYPC\CurrentUser, OpenResult: Opened
 13:57:23,9839574    wmiprvse.exe    9188    QueryNameInformationFile    K:\    SUCCESS    Name: \
 13:57:23,9840842    wmiprvse.exe    9188    QueryAttributeInformationVolume    K:\    SUCCESS    FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
 13:57:23,9842014    wmiprvse.exe    9188    CloseFile    K:\    SUCCESS    
windows-sysinternals-procmon
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers