Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,253 questions
External drives are continuously accessed by WmiPrvSe
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 74%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
BKQcTheFirst
1
Reputation point
For a couple weeks, I have had external devices connected through my USB port (1 HDD and 1 thumb drive) and recently, I realized that the activity leds are continuously flashing on both devices. I first though a some rogue software running so I started procmon only to discover that the only access being done is by wmiprvse which is interrogating the drives without interruption. Is it normal? Does it wear out my hard drive prematurely?
Here is an extract of the ProcMon log:
13:57:21,8044791 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8046644 wmiprvse.exe 9188 QueryNameInformationFile J:\ SUCCESS Name: \
13:57:21,8047894 wmiprvse.exe 9188 QueryInformationVolume J:\ SUCCESS VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
13:57:21,8049017 wmiprvse.exe 9188 QueryAttributeInformationVolume J:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:21,8050177 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:21,8054006 wmiprvse.exe 9188 CreateFile J: SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8056637 wmiprvse.exe 9188 FileSystemControl J: SUCCESS Control: FSCTL_IS_VOLUME_DIRTY
13:57:21,8057901 wmiprvse.exe 9188 CloseFile J: SUCCESS
13:57:21,8060840 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8062398 wmiprvse.exe 9188 QuerySizeInformationVolume J:\ SUCCESS TotalAllocationUnits: 244 182 015, AvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:21,8063515 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:21,8066512 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8068062 wmiprvse.exe 9188 QueryNameInformationFile J:\ SUCCESS Name: \
13:57:21,8069237 wmiprvse.exe 9188 QueryInformationVolume J:\ SUCCESS VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
13:57:21,8070317 wmiprvse.exe 9188 QueryAttributeInformationVolume J:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:21,8071370 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:21,8074412 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8076109 wmiprvse.exe 9188 QueryFullSizeInformationVolume J:\ SUCCESS TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:21,8077189 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:21,8080976 wmiprvse.exe 9188 QueryOpen J:\ SUCCESS CreationTime: 2011-09-02 21:22:07, LastAccessTime: 2021-08-12 13:42:26, LastWriteTime: 2021-08-12 11:48:12, ChangeTime: 2021-08-12 11:48:12, AllocationSize: 12 288, EndOfFile: 12 288, FileAttributes: HSD
13:57:21,8098634 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8100409 wmiprvse.exe 9188 QueryNameInformationFile J:\ SUCCESS Name: \
13:57:21,8101663 wmiprvse.exe 9188 QueryAttributeInformationVolume J:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:21,8103389 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:21,8905045 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8907380 wmiprvse.exe 9188 QueryNameInformationFile K:\ SUCCESS Name: \
13:57:21,8913781 wmiprvse.exe 9188 QueryInformationVolume K:\ SUCCESS VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
13:57:21,8915109 wmiprvse.exe 9188 QueryAttributeInformationVolume K:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:21,8916239 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:21,8919824 wmiprvse.exe 9188 CreateFile K: SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8922382 wmiprvse.exe 9188 FileSystemControl K: SUCCESS Control: FSCTL_IS_VOLUME_DIRTY
13:57:21,8923663 wmiprvse.exe 9188 CloseFile K: SUCCESS
13:57:21,8935796 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8937520 wmiprvse.exe 9188 QuerySizeInformationVolume K:\ SUCCESS TotalAllocationUnits: 1 889 615, AvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:21,8938673 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:21,8941694 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8943233 wmiprvse.exe 9188 QueryNameInformationFile K:\ SUCCESS Name: \
13:57:21,8944748 wmiprvse.exe 9188 QueryInformationVolume K:\ SUCCESS VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
13:57:21,8945847 wmiprvse.exe 9188 QueryAttributeInformationVolume K:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:21,8946910 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:21,8951276 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8952797 wmiprvse.exe 9188 QueryFullSizeInformationVolume K:\ SUCCESS TotalAllocationUnits: 1 889 615, CallerAvailableAllocationUnits: 428 391, ActualAvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:21,8953872 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:21,8956995 wmiprvse.exe 9188 QueryOpen K:\ SUCCESS CreationTime: 2021-06-26 17:53:24, LastAccessTime: 2021-08-12 13:42:25, LastWriteTime: 2021-08-05 22:44:56, ChangeTime: 2021-08-05 22:50:34, AllocationSize: 4 096, EndOfFile: 4 096, FileAttributes: HSD
13:57:21,8973314 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,8975172 wmiprvse.exe 9188 QueryNameInformationFile K:\ SUCCESS Name: \
13:57:21,8976586 wmiprvse.exe 9188 QueryAttributeInformationVolume K:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:21,8977752 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:21,9009866 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,9011679 wmiprvse.exe 9188 QueryNameInformationFile J:\ SUCCESS Name: \
13:57:21,9012961 wmiprvse.exe 9188 QueryInformationVolume J:\ SUCCESS VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
13:57:21,9014088 wmiprvse.exe 9188 QueryAttributeInformationVolume J:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:21,9015273 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:21,9019594 wmiprvse.exe 9188 CreateFile J: SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,9022089 wmiprvse.exe 9188 FileSystemControl J: SUCCESS Control: FSCTL_IS_VOLUME_DIRTY
13:57:21,9023363 wmiprvse.exe 9188 CloseFile J: SUCCESS
13:57:21,9026694 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,9028308 wmiprvse.exe 9188 QuerySizeInformationVolume J:\ SUCCESS TotalAllocationUnits: 244 182 015, AvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:21,9029477 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:21,9032519 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,9034132 wmiprvse.exe 9188 QueryNameInformationFile J:\ SUCCESS Name: \
13:57:21,9035420 wmiprvse.exe 9188 QueryInformationVolume J:\ SUCCESS VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
13:57:21,9036510 wmiprvse.exe 9188 QueryAttributeInformationVolume J:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:21,9037590 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:21,9041054 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,9042632 wmiprvse.exe 9188 QueryFullSizeInformationVolume J:\ SUCCESS TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:21,9043801 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:21,9046791 wmiprvse.exe 9188 QueryOpen J:\ SUCCESS CreationTime: 2011-09-02 21:22:07, LastAccessTime: 2021-08-12 13:42:26, LastWriteTime: 2021-08-12 11:48:12, ChangeTime: 2021-08-12 11:48:12, AllocationSize: 12 288, EndOfFile: 12 288, FileAttributes: HSD
13:57:21,9061774 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:21,9063532 wmiprvse.exe 9188 QueryNameInformationFile J:\ SUCCESS Name: \
13:57:21,9065029 wmiprvse.exe 9188 QueryAttributeInformationVolume J:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:21,9078130 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:22,0784361 WDDriveService.exe 7620 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
13:57:22,0785807 WDDriveService.exe 7620 QueryFullSizeInformationVolume J:\ SUCCESS TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:22,0787900 WDDriveService.exe 7620 CloseFile J:\ SUCCESS
13:57:22,0789467 WDDriveService.exe 7620 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
13:57:22,0790800 WDDriveService.exe 7620 QueryFullSizeInformationVolume J:\ SUCCESS TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:22,0791252 WDDriveService.exe 7620 CloseFile J:\ SUCCESS
13:57:23,9005715 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9007334 wmiprvse.exe 9188 QueryNameInformationFile K:\ SUCCESS Name: \
13:57:23,9008571 wmiprvse.exe 9188 QueryInformationVolume K:\ SUCCESS VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
13:57:23,9009673 wmiprvse.exe 9188 QueryAttributeInformationVolume K:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:23,9010741 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:23,9014739 wmiprvse.exe 9188 CreateFile K: SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9017189 wmiprvse.exe 9188 FileSystemControl K: SUCCESS Control: FSCTL_IS_VOLUME_DIRTY
13:57:23,9018437 wmiprvse.exe 9188 CloseFile K: SUCCESS
13:57:23,9021410 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9022940 wmiprvse.exe 9188 QuerySizeInformationVolume K:\ SUCCESS TotalAllocationUnits: 1 889 615, AvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:23,9024003 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:23,9026988 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9028501 wmiprvse.exe 9188 QueryNameInformationFile K:\ SUCCESS Name: \
13:57:23,9029684 wmiprvse.exe 9188 QueryInformationVolume K:\ SUCCESS VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
13:57:23,9030753 wmiprvse.exe 9188 QueryAttributeInformationVolume K:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:23,9031815 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:23,9035424 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9036951 wmiprvse.exe 9188 QueryFullSizeInformationVolume K:\ SUCCESS TotalAllocationUnits: 1 889 615, CallerAvailableAllocationUnits: 428 391, ActualAvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:23,9038028 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:23,9040736 wmiprvse.exe 9188 QueryOpen K:\ SUCCESS CreationTime: 2021-06-26 17:53:24, LastAccessTime: 2021-08-12 13:42:25, LastWriteTime: 2021-08-05 22:44:56, ChangeTime: 2021-08-05 22:50:34, AllocationSize: 4 096, EndOfFile: 4 096, FileAttributes: HSD
13:57:23,9053972 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9055739 wmiprvse.exe 9188 QueryNameInformationFile K:\ SUCCESS Name: \
13:57:23,9056936 wmiprvse.exe 9188 QueryAttributeInformationVolume K:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:23,9058046 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:23,9080604 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9082317 wmiprvse.exe 9188 QueryNameInformationFile J:\ SUCCESS Name: \
13:57:23,9083542 wmiprvse.exe 9188 QueryInformationVolume J:\ SUCCESS VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
13:57:23,9084731 wmiprvse.exe 9188 QueryAttributeInformationVolume J:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:23,9085818 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:23,9089425 wmiprvse.exe 9188 CreateFile J: SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9091953 wmiprvse.exe 9188 FileSystemControl J: SUCCESS Control: FSCTL_IS_VOLUME_DIRTY
13:57:23,9093326 wmiprvse.exe 9188 CloseFile J: SUCCESS
13:57:23,9096660 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9098299 wmiprvse.exe 9188 QuerySizeInformationVolume J:\ SUCCESS TotalAllocationUnits: 244 182 015, AvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:23,9099418 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:23,9102304 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9103937 wmiprvse.exe 9188 QueryNameInformationFile J:\ SUCCESS Name: \
13:57:23,9105373 wmiprvse.exe 9188 QueryInformationVolume J:\ SUCCESS VolumeCreationTime: 2011-09-02 21:22:07, VolumeSerialNumber: 0A0A-0000, SupportsObjects: True, VolumeLabel: VoluA Label
13:57:23,9106443 wmiprvse.exe 9188 QueryAttributeInformationVolume J:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:23,9107580 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:23,9110796 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9112378 wmiprvse.exe 9188 QueryFullSizeInformationVolume J:\ SUCCESS TotalAllocationUnits: 244 182 015, CallerAvailableAllocationUnits: 16 233 045, ActualAvailableAllocationUnits: 16 233 045, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:23,9113439 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:23,9116350 wmiprvse.exe 9188 QueryOpen J:\ SUCCESS CreationTime: 2011-09-02 21:22:07, LastAccessTime: 2021-08-12 13:42:26, LastWriteTime: 2021-08-12 11:48:12, ChangeTime: 2021-08-12 11:48:12, AllocationSize: 12 288, EndOfFile: 12 288, FileAttributes: HSD
13:57:23,9132420 wmiprvse.exe 9188 CreateFile J:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9134125 wmiprvse.exe 9188 QueryNameInformationFile J:\ SUCCESS Name: \
13:57:23,9135500 wmiprvse.exe 9188 QueryAttributeInformationVolume J:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:23,9136684 wmiprvse.exe 9188 CloseFile J:\ SUCCESS
13:57:23,9788988 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9790677 wmiprvse.exe 9188 QueryNameInformationFile K:\ SUCCESS Name: \
13:57:23,9791927 wmiprvse.exe 9188 QueryInformationVolume K:\ SUCCESS VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
13:57:23,9792977 wmiprvse.exe 9188 QueryAttributeInformationVolume K:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:23,9794066 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:23,9797680 wmiprvse.exe 9188 CreateFile K: SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9800154 wmiprvse.exe 9188 FileSystemControl K: SUCCESS Control: FSCTL_IS_VOLUME_DIRTY
13:57:23,9801426 wmiprvse.exe 9188 CloseFile K: SUCCESS
13:57:23,9804385 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9806115 wmiprvse.exe 9188 QuerySizeInformationVolume K:\ SUCCESS TotalAllocationUnits: 1 889 615, AvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:23,9807215 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:23,9810127 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9811655 wmiprvse.exe 9188 QueryNameInformationFile K:\ SUCCESS Name: \
13:57:23,9812863 wmiprvse.exe 9188 QueryInformationVolume K:\ SUCCESS VolumeCreationTime: 2021-06-26 17:53:24, VolumeSerialNumber: 1B1B-1111, SupportsObjects: True, VolumeLabel: VOLUMEBB
13:57:23,9813918 wmiprvse.exe 9188 QueryAttributeInformationVolume K:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:23,9815264 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:23,9818502 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9820032 wmiprvse.exe 9188 QueryFullSizeInformationVolume K:\ SUCCESS TotalAllocationUnits: 1 889 615, CallerAvailableAllocationUnits: 428 391, ActualAvailableAllocationUnits: 428 391, SectorsPerAllocationUnit: 8, BytesPerSector: 512
13:57:23,9821124 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
13:57:23,9823830 wmiprvse.exe 9188 QueryOpen K:\ SUCCESS CreationTime: 2021-06-26 17:53:24, LastAccessTime: 2021-08-12 13:42:25, LastWriteTime: 2021-08-05 22:44:56, ChangeTime: 2021-08-05 22:50:34, AllocationSize: 4 096, EndOfFile: 4 096, FileAttributes: HSD
13:57:23,9837985 wmiprvse.exe 9188 CreateFile K:\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: MYPC\CurrentUser, OpenResult: Opened
13:57:23,9839574 wmiprvse.exe 9188 QueryNameInformationFile K:\ SUCCESS Name: \
13:57:23,9840842 wmiprvse.exe 9188 QueryAttributeInformationVolume K:\ SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS
13:57:23,9842014 wmiprvse.exe 9188 CloseFile K:\ SUCCESS
Sysinternals
Sign in to answer