gadgetmg

9:09:23.6832880 PM	rundll32.exe	7560	CreateFile	C:\	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:09:23.6833170 PM	rundll32.exe	7560	QueryDirectory	C:\opscode	SUCCESS	Filter: opscode, 1: opscode
9:09:23.6833454 PM	rundll32.exe	7560	CloseFile	C:\	SUCCESS	
9:09:23.6834414 PM	rundll32.exe	7560	CreateFile	C:\opscode	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:09:23.6834794 PM	rundll32.exe	7560	QueryDirectory	C:\opscode\chefdk	SUCCESS	Filter: chefdk, 1: chefdk
9:09:23.6835138 PM	rundll32.exe	7560	CloseFile	C:\opscode	SUCCESS	
9:09:23.6836418 PM	rundll32.exe	7560	CreateFile	C:\opscode\chefdk	SUCCESS	Desired Access: Read Data/List Directory,