Code:
13:08:35,5032217 FileAlyzer2.exe Start Process
LastRun
13:08:35,5881760 FileAlyzer2.exe 12552 RegQueryValue HKCU\Software\Safer Networking Limited\LastOpenedFile SUCCESS Type: REG_MULTI_SZ, Length: 242, Data: \\192.168.1.197\wwwdata\html\File-A.png, \\192.168.1.197\wwwdata\html\File-B.png, \\192.168.1.000\wwwdata\html\File-C.png
Query Last run files
13:08:35,5914775 FileAlyzer2.exe 12552 CreateFile \\192.168.1.197\wwwdata\html\File-A.png SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:08:35,5940017 FileAlyzer2.exe 12552 QueryBasicInformationFile \\192.168.1.197\wwwdata\html\File-A.png FAST IO DISALLOWED
13:08:35,5940135 FileAlyzer2.exe 12552 QueryBasicInformationFile \\192.168.1.197\wwwdata\html\File-A.png SUCCESS CreationTime: 11.03.2015 11:32:58, LastAccessTime: 11.03.2015 13:06:43, LastWriteTime: 11.03.2015 11:32:58, ChangeTime: 11.03.2015 11:32:58, FileAttributes: A
13:08:35,5940489 FileAlyzer2.exe 12552 CloseFile \\192.168.1.197\wwwdata\html\File-A.png SUCCESS
13:08:35,5973143 FileAlyzer2.exe 12552 CreateFile \\192.168.1.197\wwwdata\html\File-B.png SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:08:35,5997870 FileAlyzer2.exe 12552 QueryBasicInformationFile \\192.168.1.197\wwwdata\html\File-B.png FAST IO DISALLOWED
13:08:35,5997976 FileAlyzer2.exe 12552 QueryBasicInformationFile \\192.168.1.197\wwwdata\html\File-B.png SUCCESS CreationTime: 11.03.2015 11:33:16, LastAccessTime: 11.03.2015 13:06:47, LastWriteTime: 11.03.2015 11:33:16, ChangeTime: 11.03.2015 11:33:16, FileAttributes: A
13:08:35,5998140 FileAlyzer2.exe 12552 CloseFile \\192.168.1.197\wwwdata\html\File-B.png SUCCESS
13:08:44,6526594 FileAlyzer2.exe 12552 CreateFile \\192.168.1.000\wwwdata\html\File-C.png BAD NETWORK PATH Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
Query current file
13:08:44,6554302 FileAlyzer2.exe 12552 CreateFile C:\File-D.png SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:08:44,6554675 FileAlyzer2.exe 12552 QueryBasicInformationFile C:\File-D.png SUCCESS CreationTime: 11.03.2015 13:08:09, LastAccessTime: 11.03.2015 13:08:09, LastWriteTime: 11.03.2015 11:32:58, ChangeTime: 11.03.2015 13:08:15, FileAttributes: A
13:08:44,6554895 FileAlyzer2.exe 12552 CloseFile C:\File-D.png SUCCESS
13:08:44,7374880 FileAlyzer2.exe 12552 CreateFile C:\File-D.png SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:08:44,7375110 FileAlyzer2.exe 12552 QueryBasicInformationFile C:\File-D.png SUCCESS CreationTime: 11.03.2015 13:08:09, LastAccessTime: 11.03.2015 13:08:09, LastWriteTime: 11.03.2015 11:32:58, ChangeTime: 11.03.2015 13:08:15, FileAttributes: A
[...]
13:08:45,0992077 FileAlyzer2.exe 12552 CloseFile C:\File-D.png SUCCESS
1. Please note the RegQueryValue on LastOpenedFile (blue) returns File-A, File-B and File-C. File-C has an previously found but now invalid path (red)