Facebook

Untitled safest cryptocurrency exchange

From Bitty Pig, 3 Years ago, written in Plain Text.
URL https://pastebin.pl/view/5e82e092
Embed
Download Paste or View Raw
Hits: 177
  1.  
  2. [WinIOSol] >> EvtID=000001358 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  3. [WinIOSol] >> EvtID=000001358        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  4. [WinIOSol] << EvtID=000001358 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  5. [WinIOSol] << EvtID=000001358        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  6. [WinIOSol] >> EvtID=000001359 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=891562D8 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  7. [WinIOSol] << EvtID=000001359 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  8. [WinIOSol] << EvtID=000001359        Buffer=891562D8 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069422853750 LastWriteTime=132460915181580000 ChangeTime=132460915181580000 FileAttributes=0x00000020 ]
  9. [WinIOSol] >> EvtID=000001360 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  10. [WinIOSol] << EvtID=000001360 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  11. [WinIOSol] >> EvtID=000001361 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  12. [WinIOSol] << EvtID=000001361 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  13. [WinIOSol] << EvtID=000001361 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  14. [WinIOSol] >> EvtID=000001362 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  15. [WinIOSol] >> EvtID=000001362        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  16. [WinIOSol] << EvtID=000001362 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  17. [WinIOSol] << EvtID=000001362        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  18. [WinIOSol] >> EvtID=000001363 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=891562D8 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  19. [WinIOSol] << EvtID=000001363 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  20. [WinIOSol] << EvtID=000001363        Buffer=891562D8 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069422853750 LastWriteTime=132460915181580000 ChangeTime=132460915181580000 FileAttributes=0x00000020 ]
  21. [WinIOSol] >> EvtID=000001364 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  22. [WinIOSol] << EvtID=000001364 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  23. [WinIOSol] >> EvtID=000001365 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  24. [WinIOSol] << EvtID=000001365 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  25. [WinIOSol] << EvtID=000001365 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  26. [WinIOSol] >> EvtID=000001370 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  27. [WinIOSol] >> EvtID=000001370        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  28. [WinIOSol] EvtID=000001370 CreateFileNonExistFCB FltCreateFileEx FAILED Status=0xc0000034,Object Name not found.
  29. [WinIOSol] << EvtID=000001370 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  30. [WinIOSol] << EvtID=000001370        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=0 Clean=0 Ref=0
  31. [WinIOSol] >> EvtID=000001371 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  32. [WinIOSol] >> EvtID=000001371        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_WRITE_ATTRIBUTES|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  33. [WinIOSol] EvtID=000001371 CreateFileNonExistFCB FltCreateFileEx FAILED Status=0xc0000034,Object Name not found.
  34. [WinIOSol] << EvtID=000001371 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  35. [WinIOSol] << EvtID=000001371        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=0 Clean=0 Ref=0
  36. [WinIOSol] >> EvtID=000001372 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  37. [WinIOSol] >> EvtID=000001372        OperationFlags= CreateDisposition=FILE_OVERWRITE_IF DesiredAccess=FILE_READ_ATTRIBUTES|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|FILE_WRITE_EA|READ_CONTROL|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE|  AllocationSize=0
  38. [WinIOSol] << EvtID=000001372 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  39. [WinIOSol] << EvtID=000001372        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  40. [WinIOSol] >> EvtID=000001373 IRP=IRP_MJ_WRITE,NORMAL Thread=89158DA8,89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  41. [WinIOSol] >> EvtID=000001373        TopLevelIrp=00000000 IrpFlags=IRP_WRITE_OPERATION|IRP_DEFER_IO_COMPLETION| OpFlags=  Key=0 Length=104 ByteOffset=0 Buffer=023C2438
  42. [WinIOSol] >> EvtID=000001374 IRP=IRP_MJ_CLEANUP,None Thread=89158DA8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  43. [WinIOSol] >> EvtID=000001375 FilterPreAcquireCcFlush Thread=89158DA8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  44. [WinIOSol] << EvtID=000001375 FilterPreAcquireCcFlush Thread=89158DA8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  45. [WinIOSol] >> EvtID=000001376 IRP=IRP_MJ_WRITE,NORMAL Thread=89158DA8,89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  46. [WinIOSol] >> EvtID=000001376        TopLevelIrp=00000000 IrpFlags=IRP_INPUT_OPERATION|IRP_NOCACHE|IRP_PAGING_IO|IRP_SYNCHRONOUS_PAGING_IO| OpFlags=  Key=0 Length=4096 ByteOffset=0 Buffer=00000000
  47. [WinIOSol] >> EvtID=000001377 FilterPreReleaseCcFlush Thread=89158DA8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  48. [WinIOSol] << EvtID=000001377 FilterPreReleaseCcFlush Thread=89158DA8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  49. [WinIOSol] << EvtID=000001374 IRP=IRP_MJ_CLEANUP,None Thread=89158DA8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  50. [WinIOSol] >> EvtID=000001378 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  51. [WinIOSol] >> EvtID=000001378        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  52. [WinIOSol] << EvtID=000001378 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  53. [WinIOSol] << EvtID=000001378        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  54. [WinIOSol] >> EvtID=000001379 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=894F7BE8 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  55. [WinIOSol] << EvtID=000001379 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  56. [WinIOSol] << EvtID=000001379        Buffer=894F7BE8 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069422853750 LastWriteTime=132460915181580000 ChangeTime=132460915181580000 FileAttributes=0x00000020 ]
  57. [WinIOSol] >> EvtID=000001380 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  58. [WinIOSol] << EvtID=000001380 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  59. [WinIOSol] >> EvtID=000001381 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  60. [WinIOSol] << EvtID=000001381 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  61. [WinIOSol] << EvtID=000001381 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  62. [WinIOSol] >> EvtID=000001382 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  63. [WinIOSol] >> EvtID=000001382        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  64. [WinIOSol] << EvtID=000001382 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  65. [WinIOSol] << EvtID=000001382        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  66. [WinIOSol] >> EvtID=000001383 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=890B3A28 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  67. [WinIOSol] << EvtID=000001383 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  68. [WinIOSol] << EvtID=000001383        Buffer=890B3A28 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069422853750 LastWriteTime=132460915181580000 ChangeTime=132460915181580000 FileAttributes=0x00000020 ]
  69. [WinIOSol] >> EvtID=000001384 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  70. [WinIOSol] << EvtID=000001384 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  71. [WinIOSol] >> EvtID=000001385 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  72. [WinIOSol] << EvtID=000001385 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  73. [WinIOSol] << EvtID=000001385 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  74. [WinIOSol] >> EvtID=000001386 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  75. [WinIOSol] >> EvtID=000001386        OperationFlags= CreateDisposition=FILE_OVERWRITE_IF DesiredAccess=FILE_READ_ATTRIBUTES|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|FILE_WRITE_EA|READ_CONTROL|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE|  AllocationSize=0
  76. [WinIOSol] << EvtID=000001386 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  77. [WinIOSol] << EvtID=000001386        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  78. [WinIOSol] >> EvtID=000001387 IRP=IRP_MJ_WRITE,NORMAL Thread=897136A8,897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  79. [WinIOSol] >> EvtID=000001387        TopLevelIrp=00000000 IrpFlags=IRP_WRITE_OPERATION|IRP_DEFER_IO_COMPLETION| OpFlags=  Key=0 Length=104 ByteOffset=0 Buffer=023C2438
  80. [WinIOSol] >> EvtID=000001388 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  81. [WinIOSol] >> EvtID=000001389 FilterPreAcquireCcFlush Thread=897136A8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  82. [WinIOSol] << EvtID=000001389 FilterPreAcquireCcFlush Thread=897136A8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  83. [WinIOSol] >> EvtID=000001390 IRP=IRP_MJ_WRITE,NORMAL Thread=897136A8,897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  84. [WinIOSol] >> EvtID=000001390        TopLevelIrp=00000000 IrpFlags=IRP_INPUT_OPERATION|IRP_NOCACHE|IRP_PAGING_IO|IRP_SYNCHRONOUS_PAGING_IO| OpFlags=  Key=0 Length=4096 ByteOffset=0 Buffer=00000000
  85. [WinIOSol] >> EvtID=000001391 FilterPreReleaseCcFlush Thread=897136A8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  86. [WinIOSol] << EvtID=000001391 FilterPreReleaseCcFlush Thread=897136A8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  87. [WinIOSol] << EvtID=000001388 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  88. [WinIOSol] >> EvtID=000001392 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  89. [WinIOSol] >> EvtID=000001392        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_DATA|FILE_READ_ATTRIBUTES|FILE_READ_EA|READ_CONTROL|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE|  AllocationSize=0
  90. [WinIOSol] << EvtID=000001392 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  91. [WinIOSol] << EvtID=000001392        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=2 Clean=1 Ref=2
  92. [WinIOSol] >> EvtID=000001393 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileStandardInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=895DED98 Length=24 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  93. [WinIOSol] << EvtID=000001393 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=24
  94. [WinIOSol] << EvtID=000001393        Buffer=895DED98 Standard[ AllocationSize=4096 EndOfFile=104 NumberOfLinks=1 DeletePending=0 Directory=0 ]
  95. [WinIOSol] >> EvtID=000001394 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=890A5670 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  96. [WinIOSol] << EvtID=000001394 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  97. [WinIOSol] << EvtID=000001394        Buffer=890A5670 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069608322500 LastWriteTime=132461069608947500 ChangeTime=132461069608947500 FileAttributes=0x00000020 ]
  98. [WinIOSol] >> EvtID=000001395 CcAcquireForLazyWrite Thread=89A31398 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  99. [WinIOSol] >> EvtID=000001396 CcAcquireForLazyWrite Thread=89A31B00 Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  100. [WinIOSol] << EvtID=000001395 CcAcquireForLazyWrite Thread=89A31398 Open=1 Clean=0 Ref=1 Acquired=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  101. [WinIOSol] << EvtID=000001396 CcAcquireForLazyWrite Thread=89A31B00 Open=2 Clean=1 Ref=2 Acquired=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  102. [WinIOSol] >> EvtID=000001397 CcReleaseFromLazyWrite Thread=89A31398 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  103. [WinIOSol] >> EvtID=000001398 CcReleaseFromLazyWrite Thread=89A31B00 Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  104. [WinIOSol] << EvtID=000001397 CcReleaseFromLazyWrite Thread=89A31398 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  105. [WinIOSol] << EvtID=000001398 CcReleaseFromLazyWrite Thread=89A31B00 Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  106. [WinIOSol] >> EvtID=000001399 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  107. [WinIOSol] >> EvtID=000001400 IRP=IRP_MJ_SET_INFORMATION,None Info=FileEndOfFileInformation Thread=89A31398 Proc=000172,notepad++.exe Buffer=BACFFCF0 Length=8 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  108. [WinIOSol] >> EvtID=000001401 IRP=IRP_MJ_SET_INFORMATION,None Info=FileEndOfFileInformation Thread=89A31B00 Proc=000172,notepad++.exe Buffer=BACF7CF0 Length=8 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  109. [WinIOSol] >> EvtID=000001399        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  110. [WinIOSol] << EvtID=000001400 IRP=IRP_MJ_SET_INFORMATION,None Thread=89A31398 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=0
  111. [WinIOSol] << EvtID=000001400        Buffer=BACFFCF0 AdvanceOnly=1 EndOfFile=4096
  112. [WinIOSol] EvtID=000001402 IRP=IRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION Name=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  113. [WinIOSol] EvtID=000001403 IRP=IRP_MJ_RELEASE_FOR_SECTION_SYNCHRONIZATION Name=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  114. [WinIOSol] << EvtID=000001399 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  115. [WinIOSol] << EvtID=000001399        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=3 Clean=2 Ref=3
  116. [WinIOSol] >> EvtID=000001404 IRP=IRP_MJ_CLOSE,None Thread=89A31398 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  117. [WinIOSol] << EvtID=000001401 IRP=IRP_MJ_SET_INFORMATION,None Thread=89A31B00 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=0
  118. [WinIOSol] << EvtID=000001401        Buffer=BACF7CF0 AdvanceOnly=1 EndOfFile=4096
  119. [WinIOSol] >> EvtID=000001405 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=896E71D0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  120. [WinIOSol] EvtID=000001406 IRP=IRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION Name=C:\Documents and Settings\Administrator\isolationtest.txt
  121. [WinIOSol] << EvtID=000001405 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  122. [WinIOSol] << EvtID=000001405        Buffer=896E71D0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069608322500 LastWriteTime=132461069608947500 ChangeTime=132461069608947500 FileAttributes=0x00000020 ]
  123. [WinIOSol] EvtID=000001407 IRP=IRP_MJ_RELEASE_FOR_SECTION_SYNCHRONIZATION Name=C:\Documents and Settings\Administrator\isolationtest.txt
  124. [WinIOSol] >> EvtID=000001408 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=3 Clean=2 Ref=3 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  125. [WinIOSol] >> EvtID=000001409 IRP=IRP_MJ_CLOSE,None Thread=89A31B00 Proc=000172,notepad++.exe Open=3 Clean=2 Ref=3 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  126. [WinIOSol] << EvtID=000001404 UninitializeFCB Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  127. [WinIOSol] << EvtID=000001404 IRP=IRP_MJ_CLOSE,None Thread=89A31398 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  128. [WinIOSol] << EvtID=000001408 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=3 Clean=1 Ref=3 Status=0x00000000,STATUS_SUCCESS
  129. [WinIOSol] << EvtID=000001409 IRP=IRP_MJ_CLOSE,None Thread=89A31B00 Proc=000172,notepad++.exe Open=2 Clean=1 Ref=2 Status=0x00000000,STATUS_SUCCESS
  130. [WinIOSol] >> EvtID=000001410 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  131. [WinIOSol] << EvtID=000001410 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Status=0x00000000,STATUS_SUCCESS
  132. [WinIOSol] >> EvtID=000001411 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  133. [WinIOSol] << EvtID=000001411 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  134. [WinIOSol] >> EvtID=000001412 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  135. [WinIOSol] << EvtID=000001412 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  136. [WinIOSol] << EvtID=000001412 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  137. [WinIOSol] >> EvtID=000001413 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  138. [WinIOSol] >> EvtID=000001413        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  139. [WinIOSol] << EvtID=000001413 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  140. [WinIOSol] << EvtID=000001413        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  141. [WinIOSol] >> EvtID=000001414 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=89504B98 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  142. [WinIOSol] << EvtID=000001414 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  143. [WinIOSol] << EvtID=000001414        Buffer=89504B98 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ]
  144. [WinIOSol] >> EvtID=000001415 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  145. [WinIOSol] << EvtID=000001415 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  146. [WinIOSol] >> EvtID=000001416 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  147. [WinIOSol] << EvtID=000001416 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  148. [WinIOSol] << EvtID=000001416 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  149. [WinIOSol] >> EvtID=000001417 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  150. [WinIOSol] >> EvtID=000001417        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  151. [WinIOSol] << EvtID=000001417 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  152. [WinIOSol] << EvtID=000001417        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  153. [WinIOSol] >> EvtID=000001418 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=8913A1D0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  154. [WinIOSol] << EvtID=000001418 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  155. [WinIOSol] << EvtID=000001418        Buffer=8913A1D0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ]
  156. [WinIOSol] >> EvtID=000001419 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  157. [WinIOSol] << EvtID=000001419 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  158. [WinIOSol] >> EvtID=000001420 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  159. [WinIOSol] << EvtID=000001420 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  160. [WinIOSol] << EvtID=000001420 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  161. [WinIOSol] >> EvtID=000001422 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  162. [WinIOSol] >> EvtID=000001422        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  163. [WinIOSol] << EvtID=000001422 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  164. [WinIOSol] << EvtID=000001422        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  165. [WinIOSol] >> EvtID=000001423 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=89151340 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  166. [WinIOSol] << EvtID=000001423 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  167. [WinIOSol] << EvtID=000001423        Buffer=89151340 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ]
  168. [WinIOSol] >> EvtID=000001424 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  169. [WinIOSol] << EvtID=000001424 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  170. [WinIOSol] >> EvtID=000001425 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  171. [WinIOSol] << EvtID=000001425 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  172. [WinIOSol] << EvtID=000001425 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  173. [WinIOSol] >> EvtID=000001426 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  174. [WinIOSol] >> EvtID=000001426        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  175. [WinIOSol] << EvtID=000001426 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  176. [WinIOSol] << EvtID=000001426        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  177. [WinIOSol] >> EvtID=000001427 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=896E71D0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  178. [WinIOSol] << EvtID=000001427 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  179. [WinIOSol] << EvtID=000001427        Buffer=896E71D0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ]
  180. [WinIOSol] >> EvtID=000001428 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  181. [WinIOSol] << EvtID=000001428 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  182. [WinIOSol] >> EvtID=000001429 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  183. [WinIOSol] << EvtID=000001429 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  184. [WinIOSol] << EvtID=000001429 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  185. [WinIOSol] >> EvtID=000001431 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  186. [WinIOSol] >> EvtID=000001431        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_DATA|FILE_READ_ATTRIBUTES|FILE_READ_EA|READ_CONTROL|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE|  AllocationSize=0
  187. [WinIOSol] << EvtID=000001431 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  188. [WinIOSol] << EvtID=000001431        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  189. [WinIOSol] >> EvtID=000001433 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileStandardInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=896DABA8 Length=24 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  190. [WinIOSol] << EvtID=000001433 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=24
  191. [WinIOSol] << EvtID=000001433        Buffer=896DABA8 Standard[ AllocationSize=4096 EndOfFile=104 NumberOfLinks=1 DeletePending=0 Directory=0 ]
  192. [WinIOSol] >> EvtID=000001434 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=896E71D0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  193. [WinIOSol] << EvtID=000001434 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  194. [WinIOSol] << EvtID=000001434        Buffer=896E71D0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ]
  195. [WinIOSol] >> EvtID=000001435 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  196. [WinIOSol] >> EvtID=000001435        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  197. [WinIOSol] << EvtID=000001435 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  198. [WinIOSol] << EvtID=000001435        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=2 Clean=2 Ref=2
  199. [WinIOSol] >> EvtID=000001436 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=894F7BE8 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  200. [WinIOSol] << EvtID=000001436 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  201. [WinIOSol] << EvtID=000001436        Buffer=894F7BE8 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ]
  202. [WinIOSol] >> EvtID=000001437 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=2 Clean=2 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  203. [WinIOSol] << EvtID=000001437 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=2 Clean=1 Ref=2 Status=0x00000000,STATUS_SUCCESS
  204. [WinIOSol] >> EvtID=000001438 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  205. [WinIOSol] << EvtID=000001438 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Status=0x00000000,STATUS_SUCCESS
  206. [WinIOSol] >> EvtID=000001439 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  207. [WinIOSol] << EvtID=000001439 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  208. [WinIOSol] >> EvtID=000001440 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  209. [WinIOSol] << EvtID=000001440 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  210. [WinIOSol] << EvtID=000001440 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  211. [WinIOSol] >> EvtID=000001441 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  212. [WinIOSol] >> EvtID=000001441        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES|DELETE| ShareAccess=FILE_SHARE_READ Options=FILE_NON_DIRECTORY_FILE|FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  213. [WinIOSol] << EvtID=000001441 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  214. [WinIOSol] << EvtID=000001441        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  215. [WinIOSol] >> EvtID=000001442 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileAttributeTagInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=8987B0A8 Length=8 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  216. [WinIOSol] << EvtID=000001442 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=8
  217. [WinIOSol] << EvtID=000001442        Buffer=8987B0A8
  218. [WinIOSol] >> EvtID=000001443 IRP=IRP_MJ_SET_INFORMATION,None Info=FileDispositionInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=8987B0A8 Length=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  219. [WinIOSol] << EvtID=000001443 IRP=IRP_MJ_SET_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=0
  220. [WinIOSol] << EvtID=000001443        Buffer=8987B0A8 DeleteFile=1
  221. [WinIOSol] >> EvtID=000001444 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  222. [WinIOSol] << EvtID=000001444 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  223. [WinIOSol] >> EvtID=000001445 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  224. [WinIOSol] << EvtID=000001445 UninitializeFCB Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920
  225. [WinIOSol] << EvtID=000001445 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  226. [WinIOSol] >> EvtID=000001446 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  227. [WinIOSol] >> EvtID=000001446        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  228. [WinIOSol] << EvtID=000001446 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  229. [WinIOSol] << EvtID=000001446        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  230. [WinIOSol] >> EvtID=000001447 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=8989C8A0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  231. [WinIOSol] << EvtID=000001447 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  232. [WinIOSol] << EvtID=000001447        Buffer=8989C8A0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ]
  233. [WinIOSol] >> EvtID=000001448 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  234. [WinIOSol] << EvtID=000001448 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  235. [WinIOSol] >> EvtID=000001449 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  236. [WinIOSol] << EvtID=000001449 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  237. [WinIOSol] << EvtID=000001449 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  238. [WinIOSol] >> EvtID=000001450 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  239. [WinIOSol] >> EvtID=000001450        OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT|  AllocationSize=0
  240. [WinIOSol] << EvtID=000001450 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt
  241. [WinIOSol] << EvtID=000001450        Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1
  242. [WinIOSol] >> EvtID=000001451 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=89726EA0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  243. [WinIOSol] << EvtID=000001451 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40
  244. [WinIOSol] << EvtID=000001451        Buffer=89726EA0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ]
  245. [WinIOSol] >> EvtID=000001452 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  246. [WinIOSol] << EvtID=000001452 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS
  247. [WinIOSol] >> EvtID=000001453 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt
  248. [WinIOSol] << EvtID=000001453 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt
  249. [WinIOSol] << EvtID=000001453 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS
  250.  

Reply to "Untitled"