FIREFOX DoS exploit

Publié le par Kareldjag



    Time sent    Dur.    Process    Request    IRP Flags    FsContext    Path    Status    More info   
1    19:02:10.984    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
2    19:02:11.000    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
3    19:02:11.000    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
6    19:02:11.000    15    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
5    19:02:11.000    15    msimn.exe    IRP_MJ_READ    00000043    E10D40D0    C:[-=Not In Cache=-]    STATUS_SUCCESS    Offset 00000000-00008000 ToRead 1000 Read 1000
4    19:02:11.015    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
7    19:02:11.015    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
8    19:02:11.015    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
9    19:02:11.015    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
10    19:02:11.015    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
11    19:02:11.015    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
12    19:02:11.031    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
19    19:02:11.046    0    msimn.exe    IRP_MJ_READ    00000043    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    Offset 00000000-00000400 ToRead 2200 Read 2200
13    19:02:11.046    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
14    19:02:11.046    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
15    19:02:11.046    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
16    19:02:11.046    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
17    19:02:11.046    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
18    19:02:11.046    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
20    19:02:11.062    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
21    19:02:11.062    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F8FA673C-FF9C2020 EndOfFile: FF4D782C-80573BF2 Attrib: 0xFF9C2038
22    19:02:11.062    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
23    19:02:11.062    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
24    19:02:11.062    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
25    19:02:11.062    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
26    19:02:11.062    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
27    19:02:11.062    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
28    19:02:11.062    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F8D7673C-FFB49290 EndOfFile: FF4D782C-80573BF2 Attrib: 0xFFB492A8
29    19:02:11.062    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
30    19:02:11.062    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
31    19:02:11.062    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
32    19:02:11.062    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
33    19:02:11.062    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
34    19:02:11.062    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
35    19:02:11.062    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F91E673C-FFAE53A0 EndOfFile: FF4D782C-80573BF2 Attrib: 0xFFAE53B8
36    19:02:11.062    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
37    19:02:11.062    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
38    19:02:11.062    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
39    19:02:11.062    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
40    19:02:11.062    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
41    19:02:11.062    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
42    19:02:11.062    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F97D773C-FFAAD3B0 EndOfFile: FF4D782C-80573BF2 Attrib: 0xFFAAD3C8
43    19:02:11.062    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
44    19:02:11.062    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
45    19:02:11.062    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
46    19:02:11.062    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
47    19:02:11.062    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
48    19:02:11.093    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
49    19:02:11.093    15    msimn.exe    IRP_MJ_READ    00000043    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    Offset 00000000-00002600 ToRead 200 Read 200
50    19:02:11.093    15    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
51    19:02:11.109    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
52    19:02:11.109    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
53    19:02:11.109    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00141000 EndOfFile: 00000000-00140400 Attrib: 0x00000020
54    19:02:11.109    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00141000 EndOfFile: 00000000-00140400 Attrib: 0x00000020
55    19:02:11.125    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
56    19:02:11.125    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
57    19:02:11.125    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
58    19:02:11.125    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
59    19:02:11.140    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
60    19:02:11.171    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
61    19:02:11.171    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
62    19:02:11.171    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
63    19:02:11.171    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
64    19:02:11.187    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
65    19:02:11.187    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
66    19:02:11.187    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
67    19:02:11.187    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
68    19:02:11.203    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
69    19:02:11.203    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
70    19:02:11.203    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
71    19:02:11.203    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
72    19:02:11.203    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
73    19:02:11.203    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
74    19:02:11.203    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
75    19:02:11.218    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
76    19:02:11.234    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
77    19:02:11.234    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
78    19:02:11.234    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
79    19:02:11.234    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
80    19:02:11.234    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
81    19:02:11.234    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F8A1673C-FF984A88 EndOfFile: FF46F82C-80573BF2 Attrib: 0xFF984AA0
82    19:02:11.234    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
83    19:02:11.234    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
84    19:02:11.234    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
85    19:02:11.234    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
86    19:02:11.234    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
87    19:02:11.250    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
88    19:02:11.250    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
89    19:02:11.250    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
90    19:02:11.250    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
91    19:02:11.250    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
92    19:02:11.250    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F874C73C-FF9E8A48 EndOfFile: FF205924-80573BF2 Attrib: 0xFF9E8A60
93    19:02:11.250    15    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
94    19:02:11.265    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
95    19:02:11.265    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
96    19:02:11.265    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
97    19:02:11.265    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
98    19:02:11.265    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
99    19:02:11.265    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
100    19:02:11.265    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
101    19:02:11.281    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
102    19:02:11.281    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F897673C-81296C90 EndOfFile: FF46F82C-80573BF2 Attrib: 0x81296CA8
103    19:02:11.281    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
104    19:02:11.281    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
105    19:02:11.281    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
106    19:02:11.281    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
107    19:02:11.281    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
108    19:02:11.281    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
109    19:02:11.281    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F8AD673C-FFA23898 EndOfFile: FF46F82C-80573BF2 Attrib: 0xFFA238B0
110    19:02:11.281    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
111    19:02:11.281    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
112    19:02:11.281    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
113    19:02:11.281    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
114    19:02:11.281    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
115    19:02:11.281    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
116    19:02:11.281    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F876C73C-FFB130A0 EndOfFile: FF46F82C-80573BF2 Attrib: 0xFFB130B8
117    19:02:11.281    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
118    19:02:11.281    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
119    19:02:11.281    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
120    19:02:11.281    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
121    19:02:11.281    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
122    19:02:11.281    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
123    19:02:11.281    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F8E1673C-FF7DFF78 EndOfFile: FF46F82C-80573BF2 Attrib: 0xFF7DFF90
124    19:02:11.281    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
125    19:02:11.281    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
126    19:02:11.281    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
127    19:02:11.281    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
128    19:02:11.281    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
129    19:02:11.296    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
130    19:02:11.296    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
131    19:02:11.296    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
132    19:02:11.296    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
133    19:02:11.312    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
134    19:02:11.312    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F8D6673C-81169858 EndOfFile: FF46F82C-80573BF2 Attrib: 0x81169870
135    19:02:11.312    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
136    19:02:11.312    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
137    19:02:11.312    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
138    19:02:11.312    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
139    19:02:11.312    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
140    19:02:11.312    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
141    19:02:11.312    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F919673C-FF9BC440 EndOfFile: FF46F82C-80573BF2 Attrib: 0xFF9BC458
142    19:02:11.312    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
143    19:02:11.312    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
144    19:02:11.312    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
145    19:02:11.312    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
146    19:02:11.312    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
147    19:02:11.312    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
148    19:02:11.312    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
149    19:02:11.312    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
150    19:02:11.312    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
151    19:02:11.312    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F898673C-FFAB08D8 EndOfFile: FF46F82C-80573BF2 Attrib: 0xFFAB08F0
152    19:02:11.312    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
153    19:02:11.312    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
154    19:02:11.312    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
155    19:02:11.312    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
156    19:02:11.312    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
157    19:02:11.390    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
158    19:02:11.390    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F87BC73C-FF635868 EndOfFile: FF205924-80573BF2 Attrib: 0xFF635880
159    19:02:11.390    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
160    19:02:11.390    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
161    19:02:11.390    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
162    19:02:11.390    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
163    19:02:11.390    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
164    19:02:11.406    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
165    19:02:11.406    0    msimn.exe    IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST    00000800    E16ED688    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FSCTL_IS_VOLUME_MOUNTED (0x00090028)
166    19:02:11.406    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F8DB673C-FF9678E8 EndOfFile: FF205924-80573BF2 Attrib: 0xFF967900
167    19:02:11.406    0    msimn.exe    FASTIO_QUERY_OPEN        00000000    C:[-=Error 0xc000000d Getting Name=-]    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
168    19:02:11.406    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
169    19:02:11.406    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00001014    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS    FileNameInformation
170    19:02:11.406    0    msimn.exe    IRP_MJ_CLEANUP    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
171    19:02:11.406    0    msimn.exe    IRP_MJ_CLOSE    00000404    E177E710    C:WINDOWSsystem32sockspy.dll    STATUS_SUCCESS   
172    19:02:11.421    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
173    19:02:11.421    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
174    19:02:11.421    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
175    19:02:11.421    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
176    19:02:11.437    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
177    19:02:11.437    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
178    19:02:11.437    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
179    19:02:11.437    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
180    19:02:11.453    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
181    19:02:11.468    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
182    19:02:11.468    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:WINDOWSPrefetchMSIMN.EXE-38BA891D.pf    STATUS_OBJECT_NAME_NOT_FOUND    FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
183    19:02:11.468    0    msimn.exe    IRP_MJ_CREATE    00000884    00000000    C:Program FilesMozilla Firefox    STATUS_SUCCESS    FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
184    19:02:11.468    0    msimn.exe    IRP_MJ_QUERY_INFORMATION    00000010    E19D50D0    C:Program FilesOutlook Expressmsimn.exe    STATUS_SUCCESS    FileNameInformation
185    19:02:11.468    0    msimn.exe    IR

Publié dans METHODOLOGY

Pour être informé des derniers articles, inscrivez vous :
Vous aimerez aussi :
Rootkit test 3
Rootkit test 3
METHODOLOGY Part 2
METHODOLOGY Part 2
Why some tests are done with HIPS disabled
Why some tests are done with HIPS disabled
METHODOLGY Part 3
METHODOLGY Part 3
DLL Injection in Firefox.exe
PCFlank Leaktest
Commenter cet article