IE Text Range Exploit

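Publié par Kareldjag

The table below is a file-system I/O trace of iedw.exe, the crash-detection helper that ships with Internet Explorer; its start-up and its loading of DBGHELP.dll are consistent with the browser having crashed during the test. In the rows shown, the process only opens, queries and reads files: the only size changes are the two end-of-file updates on the registry log software.LOG (rows 143–144), and no IRP_MJ_WRITE request appears.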


#    Time sent    Dur.    Process    Request    IRP Flags    FsContext    Path    Status    More info   
1    19:24:53.812    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00000010    E23990D0    C:\Program Files\Internet Explorer\iedw.exe    STATUS_SUCCESS    FileNameInformation
2    19:24:53.812    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00000010    E23990D0    C:\Program Files\Internet Explorer\iedw.exe    STATUS_SUCCESS    FileNameInformation
3    19:24:53.812    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\Prefetch\IEDW.EXE-1880380E.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
4    19:24:53.812    46    iedw.exe    IRP_MJ_READ    00000043    E17B3D90    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-0007AC00 ToRead 3200 Read 3200
5    19:24:53.859    0    iedw.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E238DA80    C:\Documents and Settings\Internet2\Bureau    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
6    19:24:53.859    0    iedw.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E238DA80    C:\Documents and Settings\Internet2\Bureau    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
7    19:24:53.859    15    iedw.exe    IRP_MJ_READ    00000043    E180F0D0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00082200 ToRead 2400 Read 2400
8    19:24:53.875    31    iedw.exe    IRP_MJ_READ    00000043    E17FC0D0    C:\WINDOWS\system32\config\system    STATUS_SUCCESS    Offset 00000000-003D5000 ToRead 1000 Read 1000
9    19:24:53.906    31    iedw.exe    IRP_MJ_READ    00000043    E17FC0D0    C:\WINDOWS\system32\config\system    STATUS_SUCCESS    Offset 00000000-003B4000 ToRead 1000 Read 1000
10    19:24:53.937    31    iedw.exe    IRP_MJ_READ    00000043    E180CB60    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
11    19:24:53.968    31    iedw.exe    IRP_MJ_READ    00000043    E1825A08    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
12    19:24:54.000    15    iedw.exe    IRP_MJ_READ    00000043    E182A5B0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
13    19:24:54.015    31    iedw.exe    IRP_MJ_READ    00000043    E1819D90    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 3000 Read 3000
14    19:24:54.046    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: FED30DB4-805B3A5D EndOfFile: FED30D40-FED30DE4 Attrib: 0x00F80016
15    19:24:54.046    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0009D000 EndOfFile: 00000000-0009C400 Attrib: 0x00000020
16    19:24:54.046    390    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\DBGHELP.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
17    19:24:54.437    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00001014    E25E1C08    C:\WINDOWS\system32\DBGHELP.dll    STATUS_SUCCESS    FileNameInformation
18    19:24:54.437    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E25E1C08    C:\WINDOWS\system32\DBGHELP.dll    STATUS_SUCCESS   
19    19:24:54.437    0    iedw.exe    IRP_MJ_CLOSE    00000404    E25E1C08    C:\WINDOWS\system32\DBGHELP.dll    STATUS_SUCCESS   
20    19:24:54.437    15    iedw.exe    IRP_MJ_READ    00000043    E25E1C08    C:\WINDOWS\system32\dbghelp.dll    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 8000 Read 8000
21    19:24:54.453    15    iedw.exe    IRP_MJ_READ    00000043    E1810A50    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
22    19:24:54.468    0    iedw.exe    IRP_MJ_READ    00000043    E180F4F8    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
23    19:24:54.484    31    iedw.exe    IRP_MJ_READ    00000043    E182E2F0    C:\WINDOWS\system32\shdocvw.dll    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
24    19:24:54.515    0    iedw.exe    IRP_MJ_READ    00000043    E1830D90    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
25    19:24:54.515    0    iedw.exe    IRP_MJ_READ    00000043    E18334B0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 2000 Read 2000
26    19:24:54.515    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\CRYPTUI.dll.2.Manifest    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
27    19:24:54.515    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\CRYPTUI.dll.2.Config    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
28    19:24:54.515    31    iedw.exe    IRP_MJ_READ    00000043    E18337F0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
29    19:24:54.546    31    iedw.exe    IRP_MJ_READ    00000043    E18345F0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
30    19:24:54.578    15    iedw.exe    IRP_MJ_READ    00000043    E180C820    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
31    19:24:54.593    15    iedw.exe    IRP_MJ_READ    00000043    E1835A68    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
32    19:24:54.609    0    iedw.exe    IRP_MJ_READ    00000043    E1829198    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
33    19:24:54.609    15    iedw.exe    IRP_MJ_READ    00000043    E182BD10    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
34    19:24:54.625    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: FED30DB4-805B3A5D EndOfFile: FED30D40-FED30DE4 Attrib: 0x00F8000E
35    19:24:54.625    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00002000 EndOfFile: 00000000-00001400 Attrib: 0x00000020
36    19:24:54.625    93    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\sfc.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
37    19:24:54.718    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00001014    E22E20D0    C:\WINDOWS\system32\sfc.dll    STATUS_SUCCESS    FileNameInformation
38    19:24:54.718    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E22E20D0    C:\WINDOWS\system32\sfc.dll    STATUS_SUCCESS   
39    19:24:54.718    0    iedw.exe    IRP_MJ_CLOSE    00000404    E22E20D0    C:\WINDOWS\system32\sfc.dll    STATUS_SUCCESS   
40    19:24:54.718    15    iedw.exe    IRP_MJ_READ    00000043    FF61F758    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-005FB000 ToRead 1000 Read 1000
41    19:24:54.734    46    iedw.exe    IRP_MJ_READ    00000043    E22E20D0    C:\WINDOWS\system32\sfc.dll    STATUS_SUCCESS    Offset 00000000-00000E00 ToRead 400 Read 400
42    19:24:54.781    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: FED30DB4-805B3A5D EndOfFile: FED30D40-FED30DE4 Attrib: 0x00F80014
43    19:24:54.781    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00023000 EndOfFile: 00000000-00022C00 Attrib: 0x00000020
44    19:24:54.781    234    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
45    19:24:55.015    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00001014    E22DB8F0    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS    FileNameInformation
46    19:24:55.015    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E22DB8F0    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS   
47    19:24:55.015    0    iedw.exe    IRP_MJ_CLOSE    00000404    E22DB8F0    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS   
48    19:24:55.015    62    iedw.exe    IRP_MJ_READ    00000043    FF61F758    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-024B2000 ToRead 1000 Read 1000
49    19:24:55.078    15    iedw.exe    IRP_MJ_READ    00000043    E22DB8F0    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS    Offset 00000000-00018600 ToRead 4000 Read 4000
50    19:24:55.093    15    iedw.exe    IRP_MJ_READ    00000043    E22DB8F0    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS    Offset 00000000-00010400 ToRead 8000 Read 8000
51    19:24:55.109    31    iedw.exe    IRP_MJ_READ    00000043    E22DB8F0    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 8000 Read 8000
52    19:24:55.140    15    iedw.exe    IRP_MJ_READ    00000043    E22E20D0    C:\WINDOWS\system32\sfc.dll    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 800 Read 800
53    19:24:55.156    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: FED30DB4-805B3A5D EndOfFile: FED30D40-FED30DE4 Attrib: 0x00F80016
54    19:24:55.156    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00010000 EndOfFile: 00000000-00010000 Attrib: 0x00000020
55    19:24:55.156    140    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\ShimEng.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
56    19:24:55.296    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00001014    E22F7140    C:\WINDOWS\system32\ShimEng.dll    STATUS_SUCCESS    FileNameInformation
57    19:24:55.296    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E22F7140    C:\WINDOWS\system32\ShimEng.dll    STATUS_SUCCESS   
58    19:24:55.296    15    iedw.exe    IRP_MJ_CLOSE    00000404    E22F7140    C:\WINDOWS\system32\ShimEng.dll    STATUS_SUCCESS   
59    19:24:55.312    46    iedw.exe    IRP_MJ_READ    00000043    FF61F758    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-07D48000 ToRead 1000 Read 1000
60    19:24:55.359    15    iedw.exe    IRP_MJ_READ    00000043    E22F7140    C:\WINDOWS\system32\shimeng.dll    STATUS_SUCCESS    Offset 00000000-0000E400 ToRead 600 Read 600
61    19:24:55.375    15    iedw.exe    IRP_MJ_READ    00000043    E22F7140    C:\WINDOWS\system32\shimeng.dll    STATUS_SUCCESS    Offset 00000000-00009400 ToRead 4A00 Read 4A00
62    19:24:55.390    15    iedw.exe    IRP_MJ_READ    00000043    E22F7140    C:\WINDOWS\system32\shimeng.dll    STATUS_SUCCESS    Offset 00000000-0000DE00 ToRead 600 Read 600
63    19:24:55.406    0    iedw.exe    IRP_MJ_READ    00000043    E22F7140    C:\WINDOWS\system32\shimeng.dll    STATUS_SUCCESS    Offset 00000000-00002400 ToRead 4000 Read 4000
64    19:24:55.406    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\AppPatch\sysmain.sdb    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000001 Attrib: 0x00000080 Result: FILE_OPENED
65    19:24:55.406    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E26FA0D0    C:\WINDOWS\AppPatch\sysmain.sdb    STATUS_SUCCESS    AllocationSize: 00000000-00123000 EndOfFile: 00000000-00122B8C NumberOfLinks: 1 DeletePending: 0 Directory: 0
66    19:24:55.406    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E26FA0D0    C:\WINDOWS\AppPatch\sysmain.sdb    STATUS_SUCCESS    AllocationSize: 00000000-00123000 EndOfFile: 00000000-00122B8C NumberOfLinks: 1 DeletePending: 0 Directory: 0
67    19:24:55.406    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E26FA0D0    C:\WINDOWS\AppPatch\sysmain.sdb    STATUS_SUCCESS    AllocationSize: 00000000-00123000 EndOfFile: 00000000-00122B8C NumberOfLinks: 1 DeletePending: 0 Directory: 0
68    19:24:55.406    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\AppPatch\systest.sdb    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000001 Attrib: 0x00000080 Result: FILE_SUPERSEDED
69    19:24:55.406    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E26FA0D0    C:\WINDOWS\AppPatch\sysmain.sdb    STATUS_SUCCESS   
70    19:24:55.406    0    iedw.exe    IRP_MJ_CLOSE    00000404    E26FA0D0    C:\WINDOWS\AppPatch\sysmain.sdb    STATUS_SUCCESS   
71    19:24:55.406    15    iedw.exe    IRP_MJ_READ    00000043    E182D7D8    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-0004D200 ToRead 3800 Read 3800
72    19:24:55.421    46    iedw.exe    IRP_MJ_READ    00000043    E1825A08    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-0005F200 ToRead C00 Read C00
73    19:24:55.468    46    iedw.exe    IRP_MJ_READ    00000043    E180CB60    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00041800 ToRead 1000 Read 1000
74    19:24:55.515    62    iedw.exe    IRP_MJ_READ    00000043    E18174B0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00088A00 ToRead A00 Read A00
75    19:24:55.578    46    iedw.exe    IRP_MJ_READ    00000043    E180BD90    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00074800 ToRead 2C00 Read 2C00
76    19:24:55.625    31    iedw.exe    IRP_MJ_READ    00000043    E182A5B0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-0006BE00 ToRead C00 Read C00
77    19:24:55.656    93    iedw.exe    IRP_MJ_READ    00000043    E1819D90    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-0020B600 ToRead 4000 Read 4000
78    19:24:55.750    31    iedw.exe    IRP_MJ_READ    00000043    E18294D8    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00003E00 ToRead 200 Read 200
79    19:24:55.781    46    iedw.exe    IRP_MJ_READ    00000043    E25E1C08    C:\WINDOWS\system32\dbghelp.dll    STATUS_SUCCESS    Offset 00000000-0008E800 ToRead 3600 Read 3600
80    19:24:55.828    31    iedw.exe    IRP_MJ_READ    00000043    E180F4F8    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00124A00 ToRead 4000 Read 4000
81    19:24:55.875    15    iedw.exe    IRP_MJ_READ    00000043    E1830D90    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00084200 ToRead 2400 Read 2400
82    19:24:55.890    62    iedw.exe    IRP_MJ_READ    00000043    E180C820    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00021600 ToRead 800 Read 800
83    19:24:55.953    31    iedw.exe    IRP_MJ_READ    00000043    E18345F0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00028800 ToRead 400 Read 400
84    19:24:56.015    31    iedw.exe    IRP_MJ_READ    00000043    E1835A68    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-0004BE00 ToRead 2800 Read 2800
85    19:24:56.046    31    iedw.exe    IRP_MJ_READ    00000043    E1829198    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00088000 ToRead 2200 Read 2200
86    19:24:56.078    15    iedw.exe    IRP_MJ_READ    00000043    E182BD10    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00020400 ToRead 4000 Read 4000
87    19:24:56.093    46    iedw.exe    IRP_MJ_READ    00000043    E18337F0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00047800 ToRead 400 Read 400
88    19:24:56.140    46    iedw.exe    IRP_MJ_READ    00000043    E182E2F0    C:\WINDOWS\system32\shdocvw.dll    STATUS_SUCCESS    Offset 00000000-000D7400 ToRead 1600 Read 1600
89    19:24:56.187    31    iedw.exe    IRP_MJ_READ    00000043    E22DB8F0    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS    Offset 00000000-00008400 ToRead 1000 Read 1000
90    19:24:56.218    31    iedw.exe    IRP_MJ_READ    00000043    E22DB8F0    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS    Offset 00000000-00018400 ToRead 200 Read 200
91    19:24:56.250    46    iedw.exe    IRP_MJ_READ    00000043    E17BECC8    C:\WINDOWS\system32\config\software    STATUS_SUCCESS    Offset 00000000-0077C000 ToRead 1000 Read 1000
92    19:24:56.296    15    iedw.exe    IRP_MJ_READ    00000043    E17BECC8    C:\WINDOWS\system32\config\software    STATUS_SUCCESS    Offset 00000000-00779000 ToRead 1000 Read 1000
93    19:24:56.312    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: FEC2614C-805B3A5D EndOfFile: FEC260D8-FEC2617C Attrib: 0x00F80016
94    19:24:56.312    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
95    19:24:56.312    156    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
96    19:24:56.468    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00001014    E22619E8    C:\WINDOWS\system32\sockspy.dll    STATUS_SUCCESS    FileNameInformation
97    19:24:56.468    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E22619E8    C:\WINDOWS\system32\sockspy.dll    STATUS_SUCCESS   
98    19:24:56.468    0    iedw.exe    IRP_MJ_CLOSE    00000404    E22619E8    C:\WINDOWS\system32\sockspy.dll    STATUS_SUCCESS   
99    19:24:56.468    31    iedw.exe    IRP_MJ_READ    00000043    E22619E8    C:\WINDOWS\system32\sockspy.dll    STATUS_SUCCESS    Offset 00000000-00009000 ToRead 1000 Read 1000
100    19:24:56.500    0    iedw.exe    IRP_MJ_READ    00000043    E22619E8    C:\WINDOWS\system32\sockspy.dll    STATUS_SUCCESS    Offset 00000000-0000B000 ToRead 2000 Read 2000
101    19:24:56.500    15    iedw.exe    IRP_MJ_READ    00000043    E1819D90    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00210600 ToRead 4000 Read 4000
102    19:24:56.515    0    iedw.exe    IRP_MJ_READ    00000043    E1819D90    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-0020F600 ToRead 1000 Read 1000
103    19:24:56.515    15    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\SHELL32.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_OPENED
104    19:24:56.531    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E1819D90    C:\WINDOWS\system32\SHELL32.dll    STATUS_SUCCESS    AllocationSize: 00000000-0081D000 EndOfFile: 00000000-0081CE00 NumberOfLinks: 1 DeletePending: 0 Directory: 0
105    19:24:56.531    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\SHELL32.dll.124.Manifest    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
106    19:24:56.531    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\SHELL32.dll.124.Config    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
107    19:24:56.734    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E1819D90    C:\WINDOWS\system32\SHELL32.dll    STATUS_SUCCESS   
108    19:24:56.734    0    iedw.exe    IRP_MJ_CLOSE    00000404    E1819D90    C:\WINDOWS\system32\SHELL32.dll    STATUS_SUCCESS   
109    19:24:56.734    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 00000005-00000000 EndOfFile: 805AFDF8-F612BC2C Attrib: 0xFEC260D8
110    19:24:56.734    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00000000 EndOfFile: 00000000-00000000 Attrib: 0x00000010
111    19:24:56.734    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
112    19:24:56.734    265    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
113    19:24:57.000    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E22DEA20    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS    AllocationSize: 00000000-00101000 EndOfFile: 00000000-00100800 NumberOfLinks: 1 DeletePending: 0 Directory: 0
114    19:24:57.000    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E22DEA20    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS   
115    19:24:57.000    0    iedw.exe    IRP_MJ_CLOSE    00000404    E22DEA20    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS   
116    19:24:57.000    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
117    19:24:57.000    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00001014    E22DEA20    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS    FileNameInformation
118    19:24:57.000    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E22DEA20    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS   
119    19:24:57.000    0    iedw.exe    IRP_MJ_CLOSE    00000404    E22DEA20    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS   
120    19:24:57.000    218    iedw.exe    IRP_MJ_READ    00000043    E22DEA20    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 1000 Read 1000
121    19:24:57.218    46    iedw.exe    IRP_MJ_READ    00000043    E22DEA20    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll    STATUS_SUCCESS    Offset 00000000-00090400 ToRead 600 Read 600
122    19:24:57.265    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED Attrib: 0x00000023
123    19:24:57.265    15    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
124    19:24:57.281    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS    AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
125    19:24:57.281    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS   
126    19:24:57.281    0    iedw.exe    IRP_MJ_CLOSE    00000404    E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS   
127    19:24:57.281    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED Attrib: 0x00000023
128    19:24:57.281    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
129    19:24:57.281    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS    AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
130    19:24:57.281    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS   
131    19:24:57.281    0    iedw.exe    IRP_MJ_CLOSE    00000404    E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS   
132    19:24:57.281    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_OPENED
133    19:24:57.281    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS    AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
134    19:24:57.281    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS    AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
135    19:24:57.281    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WindowsShell.Config    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
136    19:24:57.281    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS   
137    19:24:57.281    0    iedw.exe    IRP_MJ_CLOSE    00000404    E1388B40    C:\WINDOWS\WindowsShell.Manifest    STATUS_SUCCESS   
138    19:24:57.281    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 00000005-00000000 EndOfFile: 805AFDF8-F612BC2C Attrib: 0xFEC260D8
139    19:24:57.281    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00000000 EndOfFile: 00000000-00000000 Attrib: 0x00000010
140    19:24:57.281    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
141    19:24:57.281    78    iedw.exe    IRP_MJ_READ    00000043    E17BECC8    C:\WINDOWS\system32\config\software    STATUS_SUCCESS    Offset 00000000-0063C000 ToRead 1000 Read 1000
142    19:24:57.359    0    iedw.exe    IRP_MJ_READ    00000043    E17BECC8    C:\WINDOWS\system32\config\software    STATUS_SUCCESS    Offset 00000000-00649000 ToRead 1000 Read 1000
143    19:24:57.703    0    iedw.exe    IRP_MJ_SET_INFORMATION    00000834    E17D00D0    C:\WINDOWS\system32\config\software.LOG    STATUS_SUCCESS    FileEndOfFileInformation EndOfFile: 00000000-00003000
144    19:24:57.703    0    iedw.exe    IRP_MJ_SET_INFORMATION    00000834    E17D00D0    C:\WINDOWS\system32\config\software.LOG    STATUS_SUCCESS    FileEndOfFileInformation EndOfFile: 00000000-00003000
145    19:24:57.703    15    iedw.exe    IRP_MJ_READ    00000043    E17BECC8    C:\WINDOWS\system32\config\software    STATUS_SUCCESS    Offset 00000000-0043E000 ToRead 1000 Read 1000
146    19:24:57.718    31    iedw.exe    IRP_MJ_READ    00000043    E18334B0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-0000D600 ToRead 200 Read 200
147    19:24:57.750    187    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\WININET.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_OPENED
148    19:24:57.937    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E1829198    C:\WINDOWS\system32\WININET.dll    STATUS_SUCCESS    AllocationSize: 00000000-000A2000 EndOfFile: 00000000-000A1C00 NumberOfLinks: 1 DeletePending: 0 Directory: 0
149    19:24:57.937    15    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\WININET.dll.123.Manifest    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
150    19:24:57.953    15    iedw.exe    IRP_MJ_READ    00000043    E1829198    C:\windows\system32\wininet.dll    STATUS_SUCCESS    Offset 00000000-0008A000 ToRead 8000 Read 8000
151    19:24:57.968    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\WININET.dll.123.Config    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
152    19:24:58.000    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E1829198    C:\WINDOWS\system32\WININET.dll    STATUS_SUCCESS   
153    19:24:58.000    0    iedw.exe    IRP_MJ_CLOSE    00000404    E1829198    C:\WINDOWS\system32\WININET.dll    STATUS_SUCCESS   
154    19:24:58.000    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 00000005-00000000 EndOfFile: 805AFDF8-F612BC2C Attrib: 0xFEC260D8
155    19:24:58.000    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00000000 EndOfFile: 00000000-00000000 Attrib: 0x00000010
156    19:24:58.000    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
157    19:24:58.000    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 00000005-00000000 EndOfFile: 805AFDF8-F612BC2C Attrib: 0xFEC260D8
158    19:24:58.000    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00000000 EndOfFile: 00000000-00000000 Attrib: 0x00000010
159    19:24:58.000    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
160    19:24:58.000    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: FEC2614C-805B3A5D EndOfFile: FEC260D8-FEC2617C Attrib: 0x00F80018
161    19:24:58.000    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0006A000 EndOfFile: 00000000-00069600 Attrib: 0x00000020
162    19:24:58.000    234    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\RichEd20.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
163    19:24:58.234    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00001014    E29B90D0    C:\WINDOWS\system32\RichEd20.dll    STATUS_SUCCESS    FileNameInformation
164    19:24:58.234    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E29B90D0    C:\WINDOWS\system32\RichEd20.dll    STATUS_SUCCESS   
165    19:24:58.234    0    iedw.exe    IRP_MJ_CLOSE    00000404    E29B90D0    C:\WINDOWS\system32\RichEd20.dll    STATUS_SUCCESS   
166    19:24:58.234    15    iedw.exe    IRP_MJ_READ    00000043    E29B90D0    C:\WINDOWS\system32\riched20.dll    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 8000 Read 8000
167    19:24:58.250    46    iedw.exe    IRP_MJ_READ    00000043    E29B90D0    C:\WINDOWS\system32\riched20.dll    STATUS_SUCCESS    Offset 00000000-0005EE00 ToRead 600 Read 600
168    19:24:58.312    312    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\SHDOCVW.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_OPENED
169    19:24:58.625    0    iedw.exe    FASTIO_QUERY_STANDARD_INFO        E182E2F0    C:\WINDOWS\system32\SHDOCVW.dll    STATUS_SUCCESS    AllocationSize: 00000000-0016D000 EndOfFile: 00000000-0016C800 NumberOfLinks: 1 DeletePending: 0 Directory: 0
170    19:24:58.625    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\SHDOCVW.dll.123.Manifest    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
171    19:24:58.625    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\SHDOCVW.dll.123.Config    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
172    19:24:58.640    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E182E2F0    C:\WINDOWS\system32\SHDOCVW.dll    STATUS_SUCCESS   
173    19:24:58.640    0    iedw.exe    IRP_MJ_CLOSE    00000404    E182E2F0    C:\WINDOWS\system32\SHDOCVW.dll    STATUS_SUCCESS   
174    19:24:58.640    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 00000005-00000000 EndOfFile: 805AFDF8-F612BC2C Attrib: 0xFEC260D8
175    19:24:58.640    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00000000 EndOfFile: 00000000-00000000 Attrib: 0x00000010
176    19:24:58.640    0    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
177    19:24:58.640    15    iedw.exe    IRP_MJ_READ    00000043    E22DB8F0    C:\WINDOWS\system32\sfc_os.dll    STATUS_SUCCESS    Offset 00000000-0000C400 ToRead 4000 Read 4000
178    19:24:58.656    31    iedw.exe    IRP_MJ_READ    00000043    E22E20D0    C:\WINDOWS\system32\sfc.dll    STATUS_SUCCESS    Offset 00000000-00000C00 ToRead 200 Read 200
179    19:24:58.687    46    iedw.exe    IRP_MJ_READ    00000043    E23990D0    C:\Program Files\Internet Explorer\iedw.exe    STATUS_SUCCESS    Offset 00000000-00003C00 ToRead 400 Read 400
180    19:24:58.734    31    iedw.exe    IRP_MJ_READ    00000043    E1819D90    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00082400 ToRead 2000 Read 2000
181    19:24:58.765    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: FEC2614C-805B3A5D EndOfFile: FEC260D8-FEC2617C Attrib: 0x00F80018
182    19:24:58.765    0    iedw.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-002DA000 EndOfFile: 00000000-002D9200 Attrib: 0x00000080
183    19:24:58.765    218    iedw.exe    IRP_MJ_CREATE    00000884    00000000    C:\WINDOWS\system32\xpsp2res.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
184    19:24:58.984    0    iedw.exe    IRP_MJ_QUERY_INFORMATION    00001014    E2350D90    C:\WINDOWS\system32\xpsp2res.dll    STATUS_SUCCESS    FileNameInformation
185    19:24:58.984    0    iedw.exe    IRP_MJ_CLEANUP    00000404    E2350D90    C:\WINDOWS\system32\xpsp2res.dll    STATUS_SUCCESS   
186    19:24:58.984    0    iedw.exe    IRP_MJ_CLOSE    00000404    E2350D90    C:\WINDOWS\system32\xpsp2res.dll    STATUS_SUCCESS   
187    19:24:59.000    0    iedw.exe    FASTIO_QUERY_OPEN        00000000
