11:28:28,0083819 cmd.exe 1180 QueryOpen D:\abc\aaa.txt SUCCESS CreationTime: 13.09.2019 9:42:03, LastAccessTime: 13.09.2019 9:42:03, LastWriteTime: 13.09.2019 9:42:14, ChangeTime: 13.09.2019 11:26:23, AllocationSize: 4 096, EndOfFile: 6, FileAttributes: A
11:28:28,0085880 cmd.exe 1180 QueryOpen D:\abc\aaa.txt SUCCESS CreationTime: 13.09.2019 9:42:03, LastAccessTime: 13.09.2019 9:42:03, LastWriteTime: 13.09.2019 9:42:14, ChangeTime: 13.09.2019 11:26:23, AllocationSize: 4 096, EndOfFile: 6, FileAttributes: A
11:28:28,0087122 cmd.exe 1180 QueryOpen D:\abc\aaa.txt SUCCESS CreationTime: 13.09.2019 9:42:03, LastAccessTime: 13.09.2019 9:42:03, LastWriteTime: 13.09.2019 9:42:14, ChangeTime: 13.09.2019 11:26:23, AllocationSize: 4 096, EndOfFile: 6, FileAttributes: A
11:28:28,0088535 cmd.exe 1180 CreateFile D:\abc SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
11:28:28,0089767 cmd.exe 1180 QueryDirectory D:\abc\aaa.txt SUCCESS Filter: aaa.txt, 1: aaa.txt
11:28:28,0091898 cmd.exe 1180 CreateFile D:\abc\aaa.txt SUCCESS Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
11:28:28,0092934 cmd.exe 1180 QueryAttributeTagFile D:\abc\aaa.txt SUCCESS Attributes: A, ReparseTag: 0x0
11:28:28,0093458 cmd.exe 1180 QueryBasicInformationFile D:\abc\aaa.txt SUCCESS CreationTime: 13.09.2019 9:42:03, LastAccessTime: 13.09.2019 9:42:03, LastWriteTime: 13.09.2019 9:42:14, ChangeTime: 13.09.2019 11:26:23, FileAttributes: A
11:28:28,0094596 cmd.exe 1180 CreateFile D:\abc SUCCESS Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
11:28:28,0096056 cmd.exe 1180 SetRenameInformationFile D:\abc\aaa.txt SUCCESS ReplaceIfExists: False, FileName: D:\abc\bbb.txt
11:28:28,0100304 cmd.exe 1180 CloseFile D:\abc SUCCESS
11:28:28,0101384 cmd.exe 1180 CloseFile D:\abc\bbb.txt SUCCESS
11:28:28,0102905 cmd.exe 1180 QueryDirectory D:\abc NO MORE FILES
11:28:28,0103387 cmd.exe 1180 CloseFile D:\abc SUCCESS