[WinIOSol] >> EvtID=000001358 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001358 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001358 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001358 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001359 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=891562D8 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001359 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001359 Buffer=891562D8 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069422853750 LastWriteTime=132460915181580000 ChangeTime=132460915181580000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001360 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001360 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001361 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001361 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001361 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001362 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001362 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001362 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001362 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001363 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=891562D8 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001363 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001363 Buffer=891562D8 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069422853750 LastWriteTime=132460915181580000 ChangeTime=132460915181580000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001364 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001364 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001365 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001365 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001365 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001370 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001370 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] EvtID=000001370 CreateFileNonExistFCB FltCreateFileEx FAILED Status=0xc0000034,Object Name not found. [WinIOSol] << EvtID=000001370 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001370 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=0 Clean=0 Ref=0 [WinIOSol] >> EvtID=000001371 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001371 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_WRITE_ATTRIBUTES|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] EvtID=000001371 CreateFileNonExistFCB FltCreateFileEx FAILED Status=0xc0000034,Object Name not found. [WinIOSol] << EvtID=000001371 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001371 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=0 Clean=0 Ref=0 [WinIOSol] >> EvtID=000001372 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001372 OperationFlags= CreateDisposition=FILE_OVERWRITE_IF DesiredAccess=FILE_READ_ATTRIBUTES|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|FILE_WRITE_EA|READ_CONTROL|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE| AllocationSize=0 [WinIOSol] << EvtID=000001372 IRP=IRP_MJ_CREATE,None Thread=89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001372 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001373 IRP=IRP_MJ_WRITE,NORMAL Thread=89158DA8,89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001373 TopLevelIrp=00000000 IrpFlags=IRP_WRITE_OPERATION|IRP_DEFER_IO_COMPLETION| OpFlags= Key=0 Length=104 ByteOffset=0 Buffer=023C2438 [WinIOSol] >> EvtID=000001374 IRP=IRP_MJ_CLEANUP,None Thread=89158DA8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001375 FilterPreAcquireCcFlush Thread=89158DA8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001375 FilterPreAcquireCcFlush Thread=89158DA8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001376 IRP=IRP_MJ_WRITE,NORMAL Thread=89158DA8,89158DA8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001376 TopLevelIrp=00000000 IrpFlags=IRP_INPUT_OPERATION|IRP_NOCACHE|IRP_PAGING_IO|IRP_SYNCHRONOUS_PAGING_IO| OpFlags= Key=0 Length=4096 ByteOffset=0 Buffer=00000000 [WinIOSol] >> EvtID=000001377 FilterPreReleaseCcFlush Thread=89158DA8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001377 FilterPreReleaseCcFlush Thread=89158DA8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001374 IRP=IRP_MJ_CLEANUP,None Thread=89158DA8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001378 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001378 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001378 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001378 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001379 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=894F7BE8 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001379 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001379 Buffer=894F7BE8 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069422853750 LastWriteTime=132460915181580000 ChangeTime=132460915181580000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001380 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001380 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001381 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001381 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001381 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001382 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001382 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001382 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001382 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001383 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=890B3A28 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001383 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001383 Buffer=890B3A28 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069422853750 LastWriteTime=132460915181580000 ChangeTime=132460915181580000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001384 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001384 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001385 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001385 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001385 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001386 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001386 OperationFlags= CreateDisposition=FILE_OVERWRITE_IF DesiredAccess=FILE_READ_ATTRIBUTES|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|FILE_WRITE_EA|READ_CONTROL|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE| AllocationSize=0 [WinIOSol] << EvtID=000001386 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001386 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001387 IRP=IRP_MJ_WRITE,NORMAL Thread=897136A8,897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001387 TopLevelIrp=00000000 IrpFlags=IRP_WRITE_OPERATION|IRP_DEFER_IO_COMPLETION| OpFlags= Key=0 Length=104 ByteOffset=0 Buffer=023C2438 [WinIOSol] >> EvtID=000001388 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001389 FilterPreAcquireCcFlush Thread=897136A8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001389 FilterPreAcquireCcFlush Thread=897136A8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001390 IRP=IRP_MJ_WRITE,NORMAL Thread=897136A8,897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001390 TopLevelIrp=00000000 IrpFlags=IRP_INPUT_OPERATION|IRP_NOCACHE|IRP_PAGING_IO|IRP_SYNCHRONOUS_PAGING_IO| OpFlags= Key=0 Length=4096 ByteOffset=0 Buffer=00000000 [WinIOSol] >> EvtID=000001391 FilterPreReleaseCcFlush Thread=897136A8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001391 FilterPreReleaseCcFlush Thread=897136A8 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001388 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001392 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001392 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_DATA|FILE_READ_ATTRIBUTES|FILE_READ_EA|READ_CONTROL|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE| AllocationSize=0 [WinIOSol] << EvtID=000001392 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001392 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=2 Clean=1 Ref=2 [WinIOSol] >> EvtID=000001393 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileStandardInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=895DED98 Length=24 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001393 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=24 [WinIOSol] << EvtID=000001393 Buffer=895DED98 Standard[ AllocationSize=4096 EndOfFile=104 NumberOfLinks=1 DeletePending=0 Directory=0 ] [WinIOSol] >> EvtID=000001394 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=890A5670 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001394 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001394 Buffer=890A5670 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069608322500 LastWriteTime=132461069608947500 ChangeTime=132461069608947500 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001395 CcAcquireForLazyWrite Thread=89A31398 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001396 CcAcquireForLazyWrite Thread=89A31B00 Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001395 CcAcquireForLazyWrite Thread=89A31398 Open=1 Clean=0 Ref=1 Acquired=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001396 CcAcquireForLazyWrite Thread=89A31B00 Open=2 Clean=1 Ref=2 Acquired=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001397 CcReleaseFromLazyWrite Thread=89A31398 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001398 CcReleaseFromLazyWrite Thread=89A31B00 Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001397 CcReleaseFromLazyWrite Thread=89A31398 Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001398 CcReleaseFromLazyWrite Thread=89A31B00 Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001399 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001400 IRP=IRP_MJ_SET_INFORMATION,None Info=FileEndOfFileInformation Thread=89A31398 Proc=000172,notepad++.exe Buffer=BACFFCF0 Length=8 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001401 IRP=IRP_MJ_SET_INFORMATION,None Info=FileEndOfFileInformation Thread=89A31B00 Proc=000172,notepad++.exe Buffer=BACF7CF0 Length=8 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001399 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001400 IRP=IRP_MJ_SET_INFORMATION,None Thread=89A31398 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=0 [WinIOSol] << EvtID=000001400 Buffer=BACFFCF0 AdvanceOnly=1 EndOfFile=4096 [WinIOSol] EvtID=000001402 IRP=IRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION Name=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] EvtID=000001403 IRP=IRP_MJ_RELEASE_FOR_SECTION_SYNCHRONIZATION Name=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001399 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001399 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=3 Clean=2 Ref=3 [WinIOSol] >> EvtID=000001404 IRP=IRP_MJ_CLOSE,None Thread=89A31398 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001401 IRP=IRP_MJ_SET_INFORMATION,None Thread=89A31B00 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=0 [WinIOSol] << EvtID=000001401 Buffer=BACF7CF0 AdvanceOnly=1 EndOfFile=4096 [WinIOSol] >> EvtID=000001405 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=896E71D0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] EvtID=000001406 IRP=IRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION Name=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001405 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001405 Buffer=896E71D0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069608322500 LastWriteTime=132461069608947500 ChangeTime=132461069608947500 FileAttributes=0x00000020 ] [WinIOSol] EvtID=000001407 IRP=IRP_MJ_RELEASE_FOR_SECTION_SYNCHRONIZATION Name=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001408 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=3 Clean=2 Ref=3 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001409 IRP=IRP_MJ_CLOSE,None Thread=89A31B00 Proc=000172,notepad++.exe Open=3 Clean=2 Ref=3 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001404 UninitializeFCB Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001404 IRP=IRP_MJ_CLOSE,None Thread=89A31398 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] << EvtID=000001408 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=3 Clean=1 Ref=3 Status=0x00000000,STATUS_SUCCESS [WinIOSol] << EvtID=000001409 IRP=IRP_MJ_CLOSE,None Thread=89A31B00 Proc=000172,notepad++.exe Open=2 Clean=1 Ref=2 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001410 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001410 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001411 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001411 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001412 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001412 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001412 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001413 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001413 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001413 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001413 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001414 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=89504B98 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001414 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001414 Buffer=89504B98 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001415 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001415 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001416 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001416 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001416 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001417 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001417 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001417 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001417 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001418 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=8913A1D0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001418 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001418 Buffer=8913A1D0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001419 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001419 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001420 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001420 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001420 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001422 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001422 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001422 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001422 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001423 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=89151340 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001423 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001423 Buffer=89151340 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001424 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001424 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001425 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001425 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001425 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001426 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001426 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001426 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001426 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001427 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=896E71D0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001427 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001427 Buffer=896E71D0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001428 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001428 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001429 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001429 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001429 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001431 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001431 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_DATA|FILE_READ_ATTRIBUTES|FILE_READ_EA|READ_CONTROL|SYNCHRONIZE| ShareAccess=FILE_SHARE_READ Options=FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE| AllocationSize=0 [WinIOSol] << EvtID=000001431 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001431 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001433 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileStandardInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=896DABA8 Length=24 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001433 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=24 [WinIOSol] << EvtID=000001433 Buffer=896DABA8 Standard[ AllocationSize=4096 EndOfFile=104 NumberOfLinks=1 DeletePending=0 Directory=0 ] [WinIOSol] >> EvtID=000001434 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=896E71D0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001434 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001434 Buffer=896E71D0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001435 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001435 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001435 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001435 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=2 Clean=2 Ref=2 [WinIOSol] >> EvtID=000001436 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=894F7BE8 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001436 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001436 Buffer=894F7BE8 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001437 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=2 Clean=2 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001437 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=2 Clean=1 Ref=2 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001438 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=2 Clean=1 Ref=2 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001438 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001439 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001439 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001440 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001440 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001440 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001441 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] >> EvtID=000001441 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES|DELETE| ShareAccess=FILE_SHARE_READ Options=FILE_NON_DIRECTORY_FILE|FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001441 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001441 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001442 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileAttributeTagInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=8987B0A8 Length=8 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001442 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=8 [WinIOSol] << EvtID=000001442 Buffer=8987B0A8 [WinIOSol] >> EvtID=000001443 IRP=IRP_MJ_SET_INFORMATION,None Info=FileDispositionInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=8987B0A8 Length=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001443 IRP=IRP_MJ_SET_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=0 [WinIOSol] << EvtID=000001443 Buffer=8987B0A8 DeleteFile=1 [WinIOSol] >> EvtID=000001444 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001444 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001445 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001445 UninitializeFCB Src=C:\Documents and Settings\Administrator\Application Data\Notepad++\backup\isolationtest.txt@2020-10-02_190920 [WinIOSol] << EvtID=000001445 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001446 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001446 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001446 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001446 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001447 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=8989C8A0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001447 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001447 Buffer=8989C8A0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001448 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001448 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001449 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001449 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001449 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001450 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] >> EvtID=000001450 OperationFlags= CreateDisposition=FILE_OPEN DesiredAccess=FILE_READ_ATTRIBUTES| ShareAccess=FILE_SHARE_READ Options=FILE_OPEN_REPARSE_POINT| AllocationSize=0 [WinIOSol] << EvtID=000001450 IRP=IRP_MJ_CREATE,None Thread=897136A8 Proc=000172,notepad++.exe Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001450 Status=0x00000000,STATUS_SUCCESS Information=FILE_SUPERSEDED Open=1 Clean=1 Ref=1 [WinIOSol] >> EvtID=000001451 IRP=IRP_MJ_QUERY_INFORMATION,None Info=FileBasicInformation Thread=897136A8 Proc=000172,notepad++.exe Buffer=89726EA0 Length=40 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001451 IRP=IRP_MJ_QUERY_INFORMATION,None Thread=897136A8 Proc=000172,notepad++.exe Status=0x00000000,STATUS_SUCCESS Information=40 [WinIOSol] << EvtID=000001451 Buffer=89726EA0 Basic[ CreationTime=132456958870055000 LastAccessTime=132461069617385000 LastWriteTime=132461069617385000 ChangeTime=132461069617385000 FileAttributes=0x00000020 ] [WinIOSol] >> EvtID=000001452 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=1 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001452 IRP=IRP_MJ_CLEANUP,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Status=0x00000000,STATUS_SUCCESS [WinIOSol] >> EvtID=000001453 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=1 Clean=0 Ref=1 Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001453 UninitializeFCB Src=C:\Documents and Settings\Administrator\isolationtest.txt [WinIOSol] << EvtID=000001453 IRP=IRP_MJ_CLOSE,None Thread=897136A8 Proc=000172,notepad++.exe Open=0 Clean=0 Ref=0 Status=0x00000000,STATUS_SUCCESS