3380a59f...97c9 | Grouped Behavior
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Wiper, Spyware, Trojan

Monitored Processes

Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0x96c Analysis Target High (Elevated) exec.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe" -
#2 0x98c Child Process Medium exec.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe" #1
#3 0x9b8 Child Process High (Elevated) cmd.exe "C:\Windows\system32\cmd.exe" #1
#4 0x9c0 Child Process High (Elevated) cmd.exe "C:\Windows\system32\cmd.exe" #1
#5 0x9e8 Child Process High (Elevated) vssadmin.exe vssadmin delete shadows /all /quiet #4
#6 0x9f0 Child Process High (Elevated) netsh.exe netsh advfirewall set currentprofile state off #3
#7 0xa08 RPC Server System (Elevated) vssvc.exe C:\Windows\system32\vssvc.exe #5
#10 0xaa8 Child Process High (Elevated) netsh.exe netsh firewall set opmode mode=disable #3
#12 0x550 Autostart Medium exec.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe" -
#13 0x558 Autostart Medium exec.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe" -
#14 0x568 Autostart Medium exec.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe" -
#15 0x570 Autostart Medium exec.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe" -
#16 0x5e8 Child Process High (Elevated) exec.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe" #14
#17 0x69c Child Process High (Elevated) cmd.exe "C:\Windows\system32\cmd.exe" #16
#18 0x698 Child Process High (Elevated) cmd.exe "C:\Windows\system32\cmd.exe" #16
#19 0x32c Child Process High (Elevated) netsh.exe netsh advfirewall set currentprofile state off #17
#20 0x328 Child Process High (Elevated) vssadmin.exe vssadmin delete shadows /all /quiet #18
#21 0x5c0 RPC Server System (Elevated) vssvc.exe C:\Windows\system32\vssvc.exe #20
#23 0x4fc Child Process High (Elevated) netsh.exe netsh firewall set opmode mode=disable #17
#24 0x218 Child Process High (Elevated) wmic.exe wmic shadowcopy delete #18
#27 0xc0 Child Process High (Elevated) bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailures #18
#28 0x380 Child Process High (Elevated) mshta.exe "C:\Windows\SysWOW64\mshta.exe" "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\info.hta" #16
#29 0x440 Child Process High (Elevated) bcdedit.exe bcdedit /set {default} recoveryenabled no #18
#30 0x774 Child Process High (Elevated) mshta.exe "C:\Windows\SysWOW64\mshta.exe" "C:\users\public\desktop\info.hta" #16
#31 0x124 Child Process High (Elevated) mshta.exe "C:\Windows\SysWOW64\mshta.exe" "C:\info.hta" #16
#32 0x538 Child Process High (Elevated) cmd.exe "C:\Windows\system32\cmd.exe" #16
#33 0x6e8 Child Process High (Elevated) vssadmin.exe vssadmin delete shadows /all /quiet #32
#34 0xcc Child Process High (Elevated) wmic.exe wmic shadowcopy delete #32
#35 0xec Child Process High (Elevated) bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailures #32
#36 0x7f0 Child Process High (Elevated) bcdedit.exe bcdedit /set {default} recoveryenabled no #32

Behavior Information - Grouped by Category

Process #1: exec.exe
344 0
»
Information Value
ID #1
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:34, Reason: Analysis Target
Unmonitor End Time: 00:01:06, Reason: Self Terminated
Monitor Duration 00:00:32
OS Process Information
»
Information Value
PID 0x96c
Parent PID 0x45c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 970
0x 97C
0x 980
0x 984
0x 9B0
0x 9B4
0x A80
0x A84
0x A88
0x AA0
0x AA4
0x ABC
0x AC0
0x AC4
0x AC8
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe 71.00 KB MD5: c499e9350dfd74eba5d15fb183725e61
SHA1: 04a76b08175c51c808e221a614698222e3f983ab
SHA256: 3380a59f6277030af31ecab0023af30a4f63e5b4407f1aba4a262c34fce397c9
SSDeep: 1536:1FOPbkyoTwtPto0Rl0DsN9/zLec5oGFACZrqdKBNY33sGD1s0+o:1YPxAwtPtoe/zLaGmCZrqcBS33bD1s9
False
\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.38 KB MD5: 9225df2aedc2bb5abe903754d4d24da9
SHA1: 1cd7dd667f2524f175007cba9096fba366b4521c
SHA256: 6c0abe12004d3603313f3eb38d0457ee772d8884b039ed772a1ee91f72aacabc
SSDeep: 6:kScbjxHzDNMBXxeQah5tMA+wA+sHHofy2yblM2czWAMmje+UDMMp4/f3JdUEBp2B:kScbjRzDOhezWIfob2RAG4poJWEBpg
False
\\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 64.25 KB MD5: 5e2acb6875a8f96988be702e75e59049
SHA1: 9eeca00540511ad681a58b63b9f206285aa96107
SHA256: 90835b96f778107038a35589389d5657b5e77ee3eeb9c9610f21206e0a723386
SSDeep: 1536:oeWe07qfd/vTMj5OuY8bTMoi8K4cjzH2r+RJMDrZnis:oeWe07qljG5vZf3rRD1nt
False
\\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 8.25 KB MD5: a6ef1133a17426f563c0c2a1da37c225
SHA1: a6eeced28e03bbcbd8e9c81f893a31d7dd658ec4
SHA256: 1c2d148f6b8c4f0895a55a22732bcde8047eb78e235c76d7173a2fdd39dc7330
SSDeep: 192:KQf5+tXDl5rn/4aX/W4OcqYhT3vGquMVjA9EYqTM0raoq:JfE5rb/48bOcqYdOqVsR
False
Host Behavior
File (217)
»
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\Boot\BCD desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BCD.LOG1 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG2 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\chs_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\cht_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\jpn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\kor_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BOOTSTAT.DAT desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BOOTSTAT.DAT desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\BOOTSECT.BAK desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\BOOTSECT.BAK desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\hiberfil.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini type = size, size_out = 129 True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini type = file_attributes True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui type = size, size_out = 89168 True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui type = size, size_out = 87616 True 1
Fn
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui type = size, size_out = 91712 True 1
Fn
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui type = size, size_out = 94800 True 1
Fn
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui type = size, size_out = 85056 True 1
Fn
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\en-US\memtest.exe.mui type = size, size_out = 43600 True 1
Fn
Get Info \\?\C:\Boot\en-US\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\en-US\memtest.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui type = size, size_out = 90192 True 1
Fn
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui type = size, size_out = 89152 True 1
Fn
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\chs_boot.ttf type = size, size_out = 3694080 True 1
Fn
Get Info \\?\C:\Boot\Fonts\chs_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\cht_boot.ttf type = size, size_out = 3876772 True 1
Fn
Get Info \\?\C:\Boot\Fonts\cht_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\jpn_boot.ttf type = size, size_out = 1984228 True 1
Fn
Get Info \\?\C:\Boot\Fonts\jpn_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\kor_boot.ttf type = size, size_out = 2371360 True 1
Fn
Get Info \\?\C:\Boot\Fonts\kor_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf type = size, size_out = 47452 True 1
Fn
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\Boot\BOOTSTAT.DAT type = size, size_out = 65536 True 1
Fn
Get Info \\?\C:\Boot\BOOTSTAT.DAT type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui type = size, size_out = 93248 True 1
Fn
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui type = size, size_out = 90688 True 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui type = size, size_out = 90704 True 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui type = size, size_out = 76352 True 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui type = size, size_out = 75344 True 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui type = size, size_out = 88144 True 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui type = size, size_out = 485760 True 1
Fn
Get Info \\?\C:\Boot\memtest.exe type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\memtest.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui type = size, size_out = 90704 True 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui type = size, size_out = 90704 True 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui type = size, size_out = 90176 True 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui type = size, size_out = 89664 True 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui type = size, size_out = 90192 True 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui type = size, size_out = 87616 True 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui type = size, size_out = 87104 True 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui type = size, size_out = 70720 True 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui type = size, size_out = 70224 True 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui type = size, size_out = 70208 True 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\BOOTSECT.BAK type = size, size_out = 8192 True 1
Fn
Get Info \\?\C:\BOOTSECT.BAK type = file_attributes True 1
Fn
Get Info \\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\bootmgr type = size, size_out = 383786 True 1
Fn
Get Info \\?\C:\bootmgr type = file_attributes True 1
Fn
Get Info \\?\C:\bootmgr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml type = size, size_out = 1565 True 1
Fn
Get Info \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml type = file_attributes True 1
Fn
Get Info \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml type = size, size_out = 2296 True 1
Fn
Get Info \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml type = file_attributes True 1
Fn
Get Info \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Copy C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe True 1
Fn
Copy c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe False 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe True 1
Fn
Move \\?\C:\Boot\Fonts\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf False 1
Fn
Move \\?\C:\Boot\Fonts\chs_boot.ttf source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos False 1
Fn
Move \\?\C:\Boot\Fonts\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf False 1
Fn
Move \\?\C:\Boot\Fonts\cht_boot.ttf source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos False 1
Fn
Move \\?\C:\Boot\Fonts\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf False 1
Fn
Move \\?\C:\Boot\Fonts\jpn_boot.ttf source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos False 1
Fn
Move \\?\C:\Boot\Fonts\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf False 1
Fn
Move \\?\C:\Boot\Fonts\kor_boot.ttf source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos False 1
Fn
Read \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini size = 1114368, size_out = 129 True 1
Fn
Data
Read \\?\C:\Boot\BOOTSTAT.DAT size = 1114368, size_out = 65536 True 1
Fn
Data
Read \\?\C:\BOOTSECT.BAK size = 1114368, size_out = 8192 True 1
Fn
Data
Read \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml size = 1114368 False 1
Fn
Write - size = 91 True 1
Fn
Data
Write - size = 188 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 144 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 65552 True 1
Fn
Data
Write \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 8208 True 1
Fn
Data
Write \\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Delete \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini - True 1
Fn
Delete \\?\C:\Boot\BOOTSTAT.DAT - True 1
Fn
Delete \\?\C:\BOOTSECT.BAK - True 1
Fn
Registry (20)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 9180688, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 9180752, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 196, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 9196824, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ True 1
Fn
Process (4)
»
Operation Process Additional Information Success Count Logfile
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe os_pid = 0x98c, show_window = SW_HIDE True 1
Fn
Create C:\Windows\system32\cmd.exe os_pid = 0x9c0, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create C:\Windows\system32\cmd.exe os_pid = 0x9b8, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Open c:\windows\explorer.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module (37)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76c20000 True 14
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x74d40000 True 1
Fn
Get Filename - process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, size = 260 True 7
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x76c3359f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 True 7
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CreateProcessWithTokenW, address_out = 0x74d8531f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 True 3
Fn
System (19)
»
Operation Additional Information Success Count Logfile
Sleep duration = 5000 milliseconds (5.000 seconds) True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 12
Fn
Get Time type = System Time, time = 2019-04-12 22:27:36 (UTC) True 1
Fn
Get Time type = Ticks, time = 106548 True 1
Fn
Get Time type = Performance Ctr, time = 15795443241 True 1
Fn
Get Time type = Ticks, time = 106579 True 1
Fn
Get Info type = Operating System True 2
Fn
Mutex (22)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\00019C354B4200 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4200 True 1
Fn
Create mutex_name = Global\00019C354B4200 True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE False 3
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 5
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 5
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\00019C354B4200 True 1
Fn
Release mutex_name = Global\00019C354B4200 True 1
Fn
Release mutex_name = Global\00019C354B4200 True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #2: exec.exe
81 0
»
Information Value
ID #2
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:38, Reason: Child Process
Unmonitor End Time: 00:01:07, Reason: Self Terminated
Monitor Duration 00:00:28
OS Process Information
»
Information Value
PID 0x98c
Parent PID 0x96c (c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 990
0x 994
0x 998
0x 99C
0x 9A0
0x 9A4
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe 71.00 KB MD5: c499e9350dfd74eba5d15fb183725e61
SHA1: 04a76b08175c51c808e221a614698222e3f983ab
SHA256: 3380a59f6277030af31ecab0023af30a4f63e5b4407f1aba4a262c34fce397c9
SSDeep: 1536:1FOPbkyoTwtPto0Rl0DsN9/zLec5oGFACZrqdKBNY33sGD1s0+o:1YPxAwtPtoe/zLaGmCZrqcBS33bD1s9
False
Host Behavior
File (6)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Copy C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe True 1
Fn
Copy c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe True 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe False 1
Fn
Registry (19)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 8853008, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 8853072, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 196, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 8869144, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ True 1
Fn
Module (13)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76c20000 True 3
Fn
Get Filename - process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, size = 260 True 6
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x76c3359f True 1
Fn
System (17)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 10
Fn
Sleep duration = -1 (infinite) False 1
Fn
Get Time type = System Time, time = 2019-04-12 22:27:37 (UTC) True 1
Fn
Get Time type = Ticks, time = 106923 True 1
Fn
Get Time type = Performance Ctr, time = 15870564687 True 1
Fn
Get Time type = Ticks, time = 106969 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (14)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\00019C354B4200 True 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 8
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #3: cmd.exe
298 0
»
Information Value
ID #3
File Name c:\windows\system32\cmd.exe
Command Line "C:\Windows\system32\cmd.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:45, Reason: Child Process
Unmonitor End Time: 00:01:06, Reason: Self Terminated
Monitor Duration 00:00:21
OS Process Information
»
Information Value
PID 0x9b8
Parent PID 0x96c (c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 9BC
Host Behavior
File (234)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 11
Fn
Get Info STD_INPUT_HANDLE type = file_type True 5
Fn
Open STD_OUTPUT_HANDLE - True 25
Fn
Open STD_INPUT_HANDLE - True 95
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 86
Fn
Data
Write STD_OUTPUT_HANDLE size = 36 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 4
Fn
Data
Write STD_OUTPUT_HANDLE size = 63 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 38 True 2
Fn
Data
Write STD_OUTPUT_HANDLE size = 47 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 39 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 24, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (4)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\netsh.exe os_pid = 0x9f0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\Windows\system32\netsh.exe os_pid = 0xaa8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\Windows\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\Windows\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (2)
»
Operation Process Additional Information Success Count Logfile
Read C:\Windows\system32\netsh.exe address = 8796092882944, size = 896 True 1
Fn
Data
Read C:\Windows\system32\netsh.exe address = 8796092887040, size = 896 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x76f50000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x4a490000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76e30000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76e46d40 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76e423d0 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76e38290 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76e417e0 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x76fa14a0 True 1
Fn
System (4)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 22:27:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 111946 True 1
Fn
Get Time type = Performance Ctr, time = 16643977667 True 1
Fn
Get Info type = Operating System True 1
Fn
Environment (25)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 8
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 3
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 3
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 2
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop True 1
Fn
Set Environment String name = COPYCMD True 2
Fn
Set Environment String name = =ExitCode, value = 40010004 True 1
Fn
Set Environment String name = =ExitCodeAscii True 1
Fn
Process #4: cmd.exe
166 0
»
Information Value
ID #4
File Name c:\windows\system32\cmd.exe
Command Line "C:\Windows\system32\cmd.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:45, Reason: Child Process
Unmonitor End Time: 00:01:06, Reason: Self Terminated
Monitor Duration 00:00:21
OS Process Information
»
Information Value
PID 0x9c0
Parent PID 0x96c (c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 9C4
Host Behavior
File (114)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 8
Fn
Get Info STD_INPUT_HANDLE type = file_type True 3
Fn
Open STD_OUTPUT_HANDLE - True 17
Fn
Open STD_INPUT_HANDLE - True 41
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 36
Fn
Data
Write STD_OUTPUT_HANDLE size = 36 True 2
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 3
Fn
Data
Write STD_OUTPUT_HANDLE size = 63 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 24, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (2)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\vssadmin.exe os_pid = 0x9e8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\Windows\system32\vssadmin.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (1)
»
Operation Process Additional Information Success Count Logfile
Read C:\Windows\system32\vssadmin.exe address = 8796092887040, size = 896 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x76f50000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x4a490000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76e30000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76e46d40 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76e423d0 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76e38290 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76e417e0 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x76fa14a0 True 1
Fn
System (4)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 22:27:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 111961 True 1
Fn
Get Time type = Performance Ctr, time = 16645492182 True 1
Fn
Get Info type = Operating System True 1
Fn
Environment (16)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 5
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Process #5: vssadmin.exe
0 0
»
Information Value
ID #5
File Name c:\windows\system32\vssadmin.exe
Command Line vssadmin delete shadows /all /quiet
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:46, Reason: Child Process
Unmonitor End Time: 00:01:06, Reason: Self Terminated
Monitor Duration 00:00:19
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x9e8
Parent PID 0x9c0 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 9EC
0x 9F8
0x 9FC
0x A00
0x A04
Process #6: netsh.exe
64 0
»
Information Value
ID #6
File Name c:\windows\system32\netsh.exe
Command Line netsh advfirewall set currentprofile state off
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:46, Reason: Child Process
Unmonitor End Time: 00:01:06, Reason: Self Terminated
Monitor Duration 00:00:19
OS Process Information
»
Information Value
PID 0x9f0
Parent PID 0x9b8 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 9F4
Host Behavior
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Module (34)
»
Operation Module Additional Information Success Count Logfile
Load RASMONTR.DLL base_address = 0x7fef8770000 True 1
Fn
Load MSVCRT.DLL base_address = 0x7fefdad0000 True 1
Fn
Load C:\Windows\system32\MFC42LOC.DLL base_address = 0x0 False 1
Fn
Load NSHWFP.DLL base_address = 0x7fef3610000 True 1
Fn
Load DHCPCMONITOR.DLL base_address = 0x7fef8840000 True 1
Fn
Load WSHELPER.DLL base_address = 0x7fef8810000 True 1
Fn
Load NSHHTTP.DLL base_address = 0x7fef8800000 True 1
Fn
Load FWCFG.DLL base_address = 0x7fef85f0000 True 1
Fn
Load AUTHFWCFG.DLL base_address = 0x7fef3990000 True 1
Fn
Load IFMON.DLL base_address = 0x7fef87e0000 True 1
Fn
Load NETIOHLP.DLL base_address = 0x7fef3b80000 True 1
Fn
Load WHHELPER.DLL base_address = 0x7fef86e0000 True 1
Fn
Load HNETMON.DLL base_address = 0x7fef8690000 True 1
Fn
Load RPCNSH.DLL base_address = 0x7fef85c0000 True 1
Fn
Load DOT3CFG.DLL base_address = 0x7fef85a0000 True 1
Fn
Load NAPMONTR.DLL base_address = 0x7fef35d0000 True 1
Fn
Load NSHIPSEC.DLL - False 1
Fn
Get Handle c:\windows\system32\netsh.exe base_address = 0x17e0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\Windows\system32\MFC42u.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\rasmontr.dll function = InitHelperDll, address_out = 0x7fef878cf70 True 1
Fn
Get Address c:\windows\system32\nshwfp.dll function = InitHelperDll, address_out = 0x7fef367b6d0 True 1
Fn
Get Address c:\windows\system32\dhcpcmonitor.dll function = InitHelperDll, address_out = 0x7fef8841a40 True 1
Fn
Get Address c:\windows\system32\wshelper.dll function = InitHelperDll, address_out = 0x7fef8811720 True 1
Fn
Get Address c:\windows\system32\nshhttp.dll function = InitHelperDll, address_out = 0x7fef8801c24 True 1
Fn
Get Address c:\windows\system32\fwcfg.dll function = InitHelperDll, address_out = 0x7fef85f2d20 True 1
Fn
Get Address c:\windows\system32\authfwcfg.dll function = InitHelperDll, address_out = 0x7fef3995d20 True 1
Fn
Get Address c:\windows\system32\ifmon.dll function = InitHelperDll, address_out = 0x7fef87e1924 True 1
Fn
Get Address c:\windows\system32\netiohlp.dll function = InitHelperDll, address_out = 0x7fef3b9ce30 True 1
Fn
Get Address c:\windows\system32\whhelper.dll function = InitHelperDll, address_out = 0x7fef86e210c True 1
Fn
Get Address c:\windows\system32\hnetmon.dll function = InitHelperDll, address_out = 0x7fef86922a4 True 1
Fn
Get Address c:\windows\system32\rpcnsh.dll function = InitHelperDll, address_out = 0x7fef85c2e88 True 1
Fn
Get Address c:\windows\system32\dot3cfg.dll function = InitHelperDll, address_out = 0x7fef85a390c True 1
Fn
Get Address c:\windows\system32\napmontr.dll function = InitHelperDll, address_out = 0x7fef35e048c True 1
Fn
System (13)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 369, y_out = 550 True 1
Fn
Get Time type = System Time, time = 2019-04-12 22:27:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 112320 True 1
Fn
Get Time type = Performance Ctr, time = 16773394601 True 1
Fn
Get Time type = System Time, time = 2019-04-12 22:27:43 (UTC) True 1
Fn
Get Time type = Ticks, time = 113428 True 1
Fn
Get Info type = Operating System True 6
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Process #7: vssvc.exe
3 0
»
Information Value
ID #7
File Name c:\windows\system32\vssvc.exe
Command Line C:\Windows\system32\vssvc.exe
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:50, Reason: RPC Server
Unmonitor End Time: 00:01:13, Reason: Self Terminated
Monitor Duration 00:00:22
OS Process Information
»
Information Value
PID 0xa08
Parent PID 0x1cc (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x A1C
0x A18
0x A14
0x A10
0x A0C
0x A20
0x A24
0x A40
0x AB0
0x BC4
Host Behavior
System (3)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 22:27:43 (UTC) True 1
Fn
Get Time type = Ticks, time = 113116 True 1
Fn
Get Time type = Performance Ctr, time = 17186780632 True 1
Fn
Process #10: netsh.exe
0 0
»
Information Value
ID #10
File Name c:\windows\system32\netsh.exe
Command Line netsh firewall set opmode mode=disable
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:01:05, Reason: Child Process
Unmonitor End Time: 00:01:06, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xaa8
Parent PID 0x9b8 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x AB4
0x AAC
Process #12: exec.exe
23 0
»
Information Value
ID #12
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\exec.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:36, Reason: Autostart
Unmonitor End Time: 00:01:43, Reason: Self Terminated
Monitor Duration 00:00:07
OS Process Information
»
Information Value
PID 0x550
Parent PID 0x45c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 554
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
exec.exe 0x01020000 0x01035FFF Process Termination - 32-bit - False False
Host Behavior
File (3)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76180000 True 2
Fn
Get Handle mscoree.dll base_address = 0x0 False 1
Fn
Get Filename - process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76194f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76191252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76194208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7619359f True 1
Fn
System (5)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 12:28:43 (UTC) True 1
Fn
Get Time type = Ticks, time = 22370 True 1
Fn
Get Time type = Performance Ctr, time = 6594207301 True 1
Fn
Get Time type = Ticks, time = 24024 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (4)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\00019C354B4201 True 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #13: exec.exe
23 0
»
Information Value
ID #13
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\exec.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:36, Reason: Autostart
Unmonitor End Time: 00:01:45, Reason: Self Terminated
Monitor Duration 00:00:08
OS Process Information
»
Information Value
PID 0x558
Parent PID 0x45c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 55C
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
exec.exe 0x01020000 0x01035FFF Process Termination - 32-bit - False False
Host Behavior
File (3)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76180000 True 2
Fn
Get Handle mscoree.dll base_address = 0x0 False 1
Fn
Get Filename - process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76194f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76191252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76194208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7619359f True 1
Fn
System (5)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 12:28:43 (UTC) True 1
Fn
Get Time type = Ticks, time = 23119 True 1
Fn
Get Time type = Performance Ctr, time = 6668358649 True 1
Fn
Get Time type = Ticks, time = 24414 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (4)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\00019C354B4201 True 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #14: exec.exe
2364 0
»
Information Value
ID #14
File Name c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe
Command Line "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:36, Reason: Autostart
Unmonitor End Time: 00:03:52, Reason: Terminated by Timeout
Monitor Duration 00:02:15
OS Process Information
»
Information Value
PID 0x568
Parent PID 0x45c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 56C
0x 5EC
0x 5F8
0x 61C
0x 654
0x 658
0x 66C
0x 71C
0x 720
0x 724
0x 728
0x 784
0x 788
0x 7A8
0x 7AC
0x 7B0
0x 7B4
0x 250
0x 6A0
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 246.27 KB MD5: 8402fa4c03819de72b6f6e35e801fa14
SHA1: a038c34491d7a93ad1d1fd1bdd1cdc85ec673860
SHA256: 7245910d3b9a9f1ddedd3e97d0b0d8cd11a679fbf240929d1ebae4283a33ed1e
SSDeep: 6144:Ind2msZY+ctXXg5+wQ4b+EwrQ2Gj9ZnGpxje1q7quS:OdT3B4+wQ4bArQ2Gj9ZEte1qWT
False
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 17.64 MB MD5: ce759cbb7116fcac171cc306189d0207
SHA1: c05dfa1f2799b67747cd8e0ff58a9c9626ed6206
SHA256: 9a70db9cbed5d899d08bc72720f7b492b3618bb3d95c1c6737433f0f000ced84
SSDeep: 196608:+n680fUIyyPHgvDXadSLsS8nQsiAESlYnwZrja9segf:+ndkUaovsItAynevIu
False
\\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 17.36 MB MD5: 419f2a17a6d8369c17ecc156322a4494
SHA1: e3e9ecf51c17ef7270585377d68c2070112faf9d
SHA256: 72e5e54b4bb6cbc738d72d210d02ebd46e3dd9ba8ed354d591b3075db498d0c7
SSDeep: 196608:L+vjzyOui6r+Qo4iT6YqQitn+KgxUzGVw9vV+Ud5CP46ZjNK:yrN67xdBtSxUzGVw7+YMggK
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 75.91 KB MD5: e2d5f4afcb58a79248d0070e733b61e8
SHA1: ae0a3298d571cbb5894f0a846c787915c31d75fd
SHA256: 73c3634a6a58ccd207797a75aec0cd863d8a4fe872f1c23510e0632a671ccbee
SSDeep: 1536:G4MiqOzqQJzfkdv7wWPlTnjmxs/NE4CxLs+MSeU6LCrDy1xn0WHpDko:YBOuQJrILPtjmUERxASeUDWJQo
False
\\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 276.27 KB MD5: b9de4c87a44521748b52be1504c10151
SHA1: 8da2bb212201367dcc07b71005425e2e881b1da5
SHA256: 3f4dadffe7ff578a103aa4f4db63d83112fa886ee56f3de88e775b40ca6d5807
SSDeep: 6144:nlhZ+7gmj/iBiS2UfO6aG2fYyWVL4BGk653sOTjfmU:lhZS9jS2UGJJ/yLM6D/mU
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.28 KB MD5: f38c7a1c54f2d5233aae7e8ab6f2d756
SHA1: 3ff1bdcfa10b295ccea3e7fd706c49ffc1a5f77c
SHA256: c0e307dd42addfe1754954ede214e715bc25f835356fbb7ae7cafcda16ed7b59
SSDeep: 6:qdmKJp59bqD+pk/UsGBfNkmVh0vNbFJjNgut41/m4:am6jQ3UBSi+JFJG1+4
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 106.53 KB MD5: d7a9f4636dab3c79f8c87fbf4d890d7d
SHA1: f83ccb603d20a45649253f2c70a513f21074caa9
SHA256: 7066cd5d668e2b79acdb39dc6c328d8ff4b954393f8e032e22a2c4b8c324842b
SSDeep: 3072:Y8VlAsFEWnPxtKdnDmk2cIbku1NUI6SnClGeYhH:1bAsKWPxgD9219/UI6SClGeYd
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.58 KB MD5: 08c69be51eacc127601ea469ec0784f5
SHA1: cc53edf2780f2a1054d45c450647b6cff61b8d9f
SHA256: 04fd6236733e6da322d9dd2a996bbde4b42ea906831d0916ca8d6bb263929e6a
SSDeep: 12:gK+t0cPR7ERWWGlwtQd23XORlm5Q0Ahel75HrI2nmUi+JFJG1+4:gKzrGuhCHBwrLdFU1h
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.41 KB MD5: 68bf1f2ee800660818230c0954d866c3
SHA1: 4f6a61639b2ed6c1d936fa6b88ba25d6fef40337
SHA256: 71dc2a0a73867bc0cb5f8158a75cca35e328ac65cc2ccead32a47bee4d0f1210
SSDeep: 24:1SZTcWP37jXBdmhUJ+4U1mO+WiCOZHNHTuMq2a+lOWbex2qyuCN9UyiOpFU1h:1o/vxd4UJbwmO+WiBZtHT7wcE2qy/Qyo
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 34.55 KB MD5: 65844b57e3ed2ac6243c6be5b9cc6909
SHA1: 12ba151f40eae66722ccaf459622a0d44d6a7232
SHA256: 966b2a9bcb0045d7e8c9f8ca279921ea7c2f947cc618c96cd74ea438d60456ce
SSDeep: 768:1pGRDmmyJStmDS+2SGqUV5OYKNxW9qy06lxZEH0y2l8cZFqT10Cun:jR1nSAGwYr9qy06PImFiCCun
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 52.19 KB MD5: 20802f97fad513ef016e52162391a9a4
SHA1: 1b530b3c863cea2a1d17954cfdfea08a66b0f381
SHA256: c85385a42b01931febc82d95046cf88919ccdccb3bb9afea4147aaf857772f8f
SSDeep: 1536:nKhvGXBxcha4mmF/q+HUrZ4ruQV54wihDzenfH2:wvrha4LKWRnxAnafW
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 135.47 KB MD5: d8bad940c0b3c09b6f30f4e2ace2852a
SHA1: ce707a36e1dc2a8e22822b70ae4652b6cb1c78d4
SHA256: be59ded9b93f8c068ae74ce332e9f4be5910bbfb9b425ddae5428b6db7bed20d
SSDeep: 3072:3n8fbxFhvOvazpV/teQ9j1ibqLi3G/VExYypq:XEbxOvspVFxNTLH/ixYypq
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 5.27 KB MD5: 0a20b8a09b7842df1a7f1d79caf260fc
SHA1: 53db0f3a978423e9c2da56e2893084c22b7cad52
SHA256: c378778f019cc4d453fdc4fd8a4eed15ea8200f22262e027cf62e818d80ba356
SSDeep: 96:3FRFC1aKlO9zSxqR4cF3d9SeBzl3XLNuHUkuAF98P7kDKVm:3DFCLgSat9NrNoUkBuBVm
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.39 KB MD5: 7f5e934c71367b7cdc6ec4bfd7f9c33f
SHA1: bcd9f3539edd39b9e903ceb66a93e411f10bfe65
SHA256: 790c803e5051d08da2a0712ddfade9921fd2a74f586719310c41b1bb46f8e96e
SSDeep: 24:/9EFLa82dw7iaK6ii/1v8OoOiRuEznNM5dl8e56BDbyAnQKDujez:/YGrCMi/1vVoxQEzKdGeYB3yskg
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 64.91 KB MD5: f5cfd21bda5d74ffa7dededd8b1d0896
SHA1: 32a2b50b40514be304b9ca00613f1b34cc17e280
SHA256: 9143ec7819405e86ad7623e941f7106131b9a8ac66d5cca66c68dfc54074e2e7
SSDeep: 1536:Bn4orZVVhIOPUfeshY+gMkm8mVwcKIDwz4txBOjKC4cf:5rZVVhIOxJ9mtTwmBsXpf
False
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.86 KB MD5: ef103b4f38fe617ff509644be9ca80ca
SHA1: 9a7bf4ba24aa610c11b0c5fe227cfafdd9635058
SHA256: 5f4375fdc38aceb393eacf8cd0c6942af37155bf48a162a0d2c9687318f9a3e6
SSDeep: 48:4yNunELGTiQAWShW0ibRZGxZU79kXjGUsadQrCI1msN9pldkg:4yNawGTi2xrrGsBkqLaSrf17Pdn
False
Host Behavior
File (1871)
»
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\Boot\BCD desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BCD.LOG1 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG2 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\chs_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\cht_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\jpn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\kor_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\hiberfil.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\pagefile.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\MF\Active.GRL desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\MF\Active.GRL desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\MF\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\MF\Pending.GRL desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\MF\Pending.GRL desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\MF\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Project Server 2010 Accounts.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Project 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Project 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Visio 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Visio 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\Hx.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\Hx.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Project Server 2010 Accounts.lnk desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO.DEV.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO.DEV.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO.SHAPESHEET.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO.SHAPESHEET.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO_PRM.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO_PRM.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO_STD.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.VISIO_STD.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.DEV.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.DEV.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\nslist.hxl desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\nslist.hxl desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Get Info \\?\C:\Boot\BCD.LOG1 type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\Boot\BCD.LOG2 type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui type = size, size_out = 89168 True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui type = size, size_out = 87616 True 1
Fn
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui type = size, size_out = 91712 True 1
Fn
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui type = size, size_out = 94800 True 1
Fn
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui type = size, size_out = 85056 True 1
Fn
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\en-US\memtest.exe.mui type = size, size_out = 43600 True 1
Fn
Get Info \\?\C:\Boot\en-US\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\en-US\memtest.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui type = size, size_out = 90192 True 1
Fn
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui type = size, size_out = 89152 True 1
Fn
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\chs_boot.ttf type = size, size_out = 3694080 True 1
Fn
Get Info \\?\C:\Boot\Fonts\chs_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini type = size, size_out = 129 True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini type = file_attributes True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png type = size, size_out = 129745 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml type = size, size_out = 3876772 True 1
Fn
Get Info \\?\C:\Boot\Fonts\cht_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\jpn_boot.ttf type = size, size_out = 1984228 True 1
Fn
Get Info \\?\C:\Boot\Fonts\jpn_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\kor_boot.ttf type = size, size_out = 2371360 True 1
Fn
Get Info \\?\C:\Boot\Fonts\kor_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf type = size, size_out = 47452 True 1
Fn
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui type = size, size_out = 93248 True 1
Fn
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui type = size, size_out = 90688 True 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui type = size, size_out = 90704 True 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui type = size, size_out = 76352 True 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui type = size, size_out = 75344 True 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\memtest.exe type = size, size_out = 485760 True 1
Fn
Get Info \\?\C:\Boot\memtest.exe type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\memtest.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui type = size, size_out = 88144 True 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui type = size, size_out = 90704 True 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui type = size, size_out = 90704 True 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui type = size, size_out = 90176 True 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui type = size, size_out = 89664 True 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui type = size, size_out = 90192 True 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui type = size, size_out = 87616 True 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui type = size, size_out = 87104 True 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui type = size, size_out = 70720 True 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui type = size, size_out = 70224 True 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui type = size, size_out = 70208 True 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\bootmgr type = size, size_out = 383786 True 1
Fn
Get Info \\?\C:\bootmgr type = file_attributes True 1
Fn
Get Info \\?\C:\bootmgr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata type = size, size_out = 479 True 1
Fn
Get Info \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp type = size, size_out = 2913 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png type = size, size_out = 44488 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png type = size, size_out = 28865 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png type = size, size_out = 129745 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png type = size, size_out = 251904 True 1
Fn
Get Info \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp type = size, size_out = 17707008 True 1
Fn
Get Info \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png type = size, size_out = 39379 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png type = size, size_out = 28865 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml type = size, size_out = 1334 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml type = size, size_out = 1334 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml type = size, size_out = 13427 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml type = size, size_out = 1512 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml type = size, size_out = 11364 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat type = size, size_out = 262768 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat type = size, size_out = 4627413 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat type = size, size_out = 8 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat type = size, size_out = 16412 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat type = size, size_out = 49180 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat type = size, size_out = 1897 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp type = size, size_out = 48824 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp type = size, size_out = 49208 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat type = size, size_out = 40 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = size, size_out = 1345 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log type = size, size_out = 0 True 1
Fn
Copy c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe False 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe False 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log - True 1
Fn
For performance reasons, the remaining 862 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (19)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 31151536, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 31151600, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 115, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 31151872, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ True 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe show_window = SW_SHOWNORMAL True 1
Fn
Module (36)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76180000 True 15
Fn
Get Filename - process_name = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 True 7
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76194f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76191252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76194208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7619359f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 True 5
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x761ad668 True 5
Fn
System (117)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Sleep duration = 5000 milliseconds (5.000 seconds) True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 107
Fn
Sleep duration = -1 (infinite) True 2
Fn
Sleep duration = -1 (infinite) False 1
Fn
Get Time type = System Time, time = 2019-04-12 12:28:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 22183 True 1
Fn
Get Time type = Performance Ctr, time = 6575364508 True 1
Fn
Get Time type = Ticks, time = 23977 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (154)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4200 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 3
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 2
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 6
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Create mutex_name = Global\00019C354B4201 True 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE False 21
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 11
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 59
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 6
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 10
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Release mutex_name = Global\00019C354B4201 True 3
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Release mutex_name = Global\00019C354B4201 True 2
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Release mutex_name = Global\00019C354B4201 True 6
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #15: exec.exe
23 0
»
Information Value
ID #15
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:36, Reason: Autostart
Unmonitor End Time: 00:01:43, Reason: Self Terminated
Monitor Duration 00:00:07
OS Process Information
»
Information Value
PID 0x570
Parent PID 0x45c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 574
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
exec.exe 0x00980000 0x00995FFF Process Termination - 32-bit - False False
Host Behavior
File (3)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76180000 True 2
Fn
Get Handle mscoree.dll base_address = 0x0 False 1
Fn
Get Filename - process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76194f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76191252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76194208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7619359f True 1
Fn
System (5)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 12:28:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 22245 True 1
Fn
Get Time type = Performance Ctr, time = 6580429798 True 1
Fn
Get Time type = Ticks, time = 24008 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (4)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\00019C354B4201 True 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\00019C354B4201 True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #16: exec.exe
31530 0
»
Information Value
ID #16
File Name c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe
Command Line "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:03, Reason: Child Process
Unmonitor End Time: 00:03:52, Reason: Terminated by Timeout
Monitor Duration 00:01:48
OS Process Information
»
Information Value
PID 0x5e8
Parent PID 0x568 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 604
0x 608
0x 5D8
0x 5D4
0x 310
0x 60C
0x 61C
0x 684
0x 7D4
0x 494
0x 354
0x 7B4
0x 7AC
0x 29C
0x 46C
0x 420
0x 6EC
0x 5AC
0x 768
0x 52C
0x 318
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.08 KB MD5: d918d97822cdadf6118802f2c9bd1caf
SHA1: e494a0a60f0efbb1545cca014068646334ab4e84
SHA256: 37337ead1914f05eb7f90d4a51834828f6f8e83eec68ae059654255d472ab1ad
SSDeep: 48:nYKFmuvDAQevBlEHDzU3gYmkzL/YB1IcmXCnHeXysAhHN:PF/BNDz9izL/yak+XysCt
False
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.03 KB MD5: 8f176ae612c7fc6dab561e961682c008
SHA1: e881c022c29125ac6203e703c86b532532fbb13c
SHA256: 05db3b263dc8760ec09528c3169c9c2f189bb7c2638c217fff73951bb38de38c
SSDeep: 24:esiuLm3ZoCvvxagwTzuH1gDRmZlwM65cW/txygHNUysAhrNhN:8bnLwnEmRqlt6aWF/NUysAhHN
False
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.67 KB MD5: 56f1f846dc42b417a1fc636da7de5eb3
SHA1: 38a22fb7dcf2a3e1d8c0225c412932eb78e95652
SHA256: 99732c9bf7d0ddd3f9b9d3f62e948ab382f580047ea72df604310ce821eafab2
SSDeep: 48:TXzYr91hNEhTRZeGzPIZ1oy6m9ugT8sBGXH65f69I4ysAhHN:3YrnE/kGccy6m9ugT46f69I4ysCt
False
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.55 KB MD5: 9fb521ac0c0182811cefc302f9b2bfae
SHA1: 8b53fcf58bce9ee660a896ddcc9ea3b0c37ef45c
SHA256: 1bde215315131bdfdd95eab5f16df38ddcfc94aeadaaac70f138267cf2ed07ff
SSDeep: 48:6QikXbLxv5ypyTMs63uT/6FHU8dCGjhieFXeY6Y1RTVBpz5wQlzcbQuhysAhHN:6ZILxvjZdTyF08g8FdLTVWQlzqQuhys+
False
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 3.14 MB MD5: 8d68da1e5a9522a709abea5bb73058c8
SHA1: a7b9da596de176fa044259f0d2a9dc0b46a87b02
SHA256: af50131f7552084dc3b8f4ab321170e74346bb96fc16a3de0d6cd48a4c9f1a47
SSDeep: 49152:zDxL8QBo6Tex4S120ytJysIvA0AFtsYjukF11T6:zR89j11AxtJTv1T6
False
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.66 KB MD5: 31bc0466aedad2b9b7106d09ac09fa32
SHA1: 7b5547e15abe39bfa2b9e5d7f034c48c9608123a
SHA256: 633689698a1392224349710a81cd096c7d3fe7044cb173b89d7c0fffe243ff38
SSDeep: 48:QM/ol7pDtZCwDYE+ku9YWP660BpHHysAhHN:Q+qVt4EtG66YysCt
False
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.06 KB MD5: d8825680b491412488c1d92b2c70fb25
SHA1: 9017442b29231d29899f2f08fa5f3cc15c152cd8
SHA256: 8fa2f1862fde0a1507894c8d51dc17d1ea3a9d78b0aaae5efc6fad4c799d22e5
SSDeep: 24:53r7iamYaFSPSfvNcR+vs2Ig6IXIird9vfKxJScF/ZysAhrNhU:drmamYE624IXFd9vfKvS0ZysAhHU
False
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 6.35 KB MD5: b0ff76536e409953e212ee73bfe30bd9
SHA1: d77b62dd1af6b4c88f0928eb4cb60d75e34639a5
SHA256: d5094c50ef7b8e816fb6929e3fe77dd467322b8a5971f5e734b78b5758047c53
SSDeep: 96:yyI/cdBWu3AYqS82ywpYNIJOGKwKMvllpkN57r0gSJ1DIbKBMQysCt:/I6WuwYc2JdC+nk37Ig4RIbqMQynt
False
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 582.61 KB MD5: 63283f09713fb7b3d60d5e6270c91cdd
SHA1: 7b7c2eec74f43b4ef1bf3f3ac23a4ba9c959eb5b
SHA256: a3737bcab3bb77527ed9349c2b8d88ba0f55abf298bbf82cd467073ccc9d4476
SSDeep: 12288:wCSJlQprbgQZWPLzsVoZPaqzDx3aMUsuw90JD5ApZIsL9U5+:Rpr9WXs4aqYM37KIPIF5+
False
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 8.77 KB MD5: 06c00d7ed2007c183f5752e1648f2fc4
SHA1: 5ab771bb73090a7cc4f9cc51dd032486b942397e
SHA256: 5b373f3c65e5aa0c45dc724a6bcebb439ff643fc2f3c7d45627c3b42453b1b06
SSDeep: 192:D50yTGN/BoLepa30ibBzfqazBlnourz+46KmUCZWK7WGlzSIynt:DSACpo6sJzSavnrMUC57P2IM
False
\\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.25 KB MD5: 50e257ec5fd99af8252a8cb66949ba37
SHA1: d342e8a6e0071496174fbff841ca442a7c060a15
SHA256: a6b23e62c4c221bde03591407ac2bbd1c4af3a9a273d463f9368ce05e83d3978
SSDeep: 6:S3+w6dp3jkwdeAMQ0ysBSPZtEZPQNLVfjKO:S+NDy/ysBShrNLVfjKO
False
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 42.53 MB MD5: 4fb6c079967f604d4b8cdf477caf6de0
SHA1: a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63
SHA256: 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f
SSDeep: 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj
False
\\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.00 MB MD5: 807487b6b6320ed02d565495c1291d86
SHA1: 2b57a68e3f3b1857c9354506d703999e2d415c28
SHA256: 83bb72ab60ba9bca76163a36564a0b99965d32dbf97c94c713b7609645a4e15e
SSDeep: 24576:wOlR+LwO8lAQdyqULi6tch9xhfXlNBoX99q:jILfV7qUO64h9N8Hq
False
\\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.61 KB MD5: fb9640b3784c672527a3ecc82a0cbab4
SHA1: 58286cabe25d3b4161fb5ab9aa38fa90fdc5bf1a
SHA256: ea8e81b5bfb2405cb88383a88f9b3280b3158f89f4c693c77b6d76d4e09b2e77
SSDeep: 48:uBHolHP853d8PdjqogPHkE2YgGkPvJSKK7nfZEi3pLVhjWldDr7Y5Gx/2O6lxsyU:uRoJ2N8988zpG6AKUfZpUDY5GJ2zlayU
False
\\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 405.72 KB MD5: 0cae151e0db96009948f99156ec59ffa
SHA1: 9662a45ba703f8042c79d9570c5f19b754f7c73f
SHA256: 772e4d7eadc3c091e3e6e115e977f38c2ab78d83447c85f02ff5d154af97b05e
SSDeep: 6144:ziMvccr0sQBzjZyrb8WSgN0O5reK0hpRjrBjpkB1Fh/WZZ2UmKPFCqElDepeMFdR:91p0Zo8uNF5qK0hjrdQ+TCNDepp
False
\\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 189.85 KB MD5: 38c3634de1c4c04e9cc206f5ccab1780
SHA1: 2cb9be56b34c9f30e2be81c126b6daf2385418dc
SHA256: b19bbd38d1b46a9b6f5dcbcff03acbb46888d4caab5be09b350cd75048a26eb7
SSDeep: 3072:0SvKqQdGGRtS2t0p0b1dC6QpLwhK2raupOUCeiKS5JVO7RMscA2m6vg5kK:9iqQdyprBwhJWupOcFCJVGSsc7vg5kK
False
\\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 21.78 KB MD5: 287d9da0a96e591b14b5ca77c510e174
SHA1: 259b6b6b9e94e0d219daf20225b492041e10bb06
SHA256: 8cb918c4cd76c55c9de9cd7c8241981f44016a3b9206690067b64fbfbb749234
SSDeep: 384:QuX1GAppvxK+jCSyY9slhpn1aMveezLIzE20U0zozivr715B03IU1hVYZa91:QW1TnoEv9EYMGUt/UegAHB/U1hik7
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.41 KB MD5: d084c8ebff55be647bd9687124902153
SHA1: 463fa10aa67bec3496d7f9804a53b8b0e7d9445e
SHA256: b040d17aa6ce2e17c140490a69aa47445acc370ef39c2fd441b6ec94105a3c09
SSDeep: 12:b8ncAjdSS4hHM/z+qanz903N64+ysBShrNLVfjKO:bgcGkSsHM/iqw2N6XysAhrNhN
False
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.67 KB MD5: b6bb8a22ce93d4a7967986b3452ef2bf
SHA1: 6f4f30f59b407cf5a030c31b1dced59f0882e652
SHA256: 78d4cebc7f2a2ca98c0ab287dbf603088c051fafaa77d723f89e3e6991af95a5
SSDeep: 48:EQ7gvDSlcmqMHSRj0dBqvUgIId8gK2hJUtAECysAhHU:1gvelcmNa0dBqMXgK2jUt6ysC0
False
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 3.14 MB MD5: 3b8291ef9e3ee89aa457e04d28dc738e
SHA1: 05f45a015811d7ac339a33921de9727cc6fc70e7
SHA256: 13df80f556dba1159bcea35f5b038a96ec7bd229c4cc3c1ece7e491d0fcc55c7
SSDeep: 49152:zDxL8QBo0Tex4S120ytJyAxb3gIoHPtrgD7wAs:zR89t1GQfV8X3s
False
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.67 KB MD5: 5ae7ca1e840b30a41d5ab8215387cec3
SHA1: ff9ba57f8ff76a9570a55e74ad8a6cd21e5a767b
SHA256: 349da2736076780c77bd2aef1fef275f553e76e9f5ed6fa016e158740a66f50d
SSDeep: 48:ltEn3LMns5nVIN0SvlVe6P1SiQBhvAebizXysAhHU:ve3LMnsBVtGVeCszAebIysC0
False
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.81 KB MD5: d30b00a4afcc2fb5d944defa44fd8f85
SHA1: 9829ed89f1a4946943a1e013b55de6cfce7e4e29
SHA256: afd8488bb139fcd9aebd0d1cc13c80748980e2276c3dc1f77c1b6806e0581cc7
SSDeep: 48:XSNwvfw7+Em4P5CCni88iwSywFVJxnQbysAhHN:CNJqmP5/nW8L4ysCt
False
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 3.36 KB MD5: 121334b4afc82a08c0d26e8d4baa30cc
SHA1: b1dd427a564e270b412bc05f5d7cd00659c62b1e
SHA256: bfdf15ed09516e00348b477db06f77a517ba68a5ff2b2e272176c223d5577396
SSDeep: 96:zhM/MPkkYH0lD/JRD2msuMyOPcl45VKYysCt:lMU59MmEyOCuynt
False
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.61 KB MD5: 1b1b5f11c0758f328f3e33c0dce16c6a
SHA1: a8bf9155c2df984f67b0bc4ad11004f8e05c389a
SHA256: d46ecddd4d7854f881663419ddb15a7d66c6294019cea18e430766a98dd6d198
SSDeep: 48:eQaN0fTmMSyOZ2LfolECbO+XFRU/s+ZCiW5iyWUBYk8lm/UF6vnViuqggH9sGi6m:KNry2OQbLFRUE+ZCinyWk+gsYwcgH6lV
False
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 4.35 KB MD5: 07ae2524084598e54e01bdc5f1698e0d
SHA1: 46fa62d4e68f065c4a59750b9e4a041d797dfb62
SHA256: 0ec68e46ed24aebe701928354e52a94d5267ec7f1a128eefe7f060d3feaaa0a4
SSDeep: 96:d1mQO78hDUyWJGbC4mR+7IP8zETqhLtiYn63EMW4spuVxRQcU+adkeQsjqOysCt:zY7sI8C4l7I8QItiP0bhpwU+IQ+hynt
False
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.00 KB MD5: 31ca7028dba42dcfa431cd1ef6e535d7
SHA1: 2873aec9a617d601df082aea02e3c612d6b66a50
SHA256: bd55b0dd776fdbe69bdb2238e458f592006e05c6e7a2374790ffc0ef407c5fb6
SSDeep: 48:JzDv3iviu31H6JNCxB4pOcB5mOafXZUVt+UVWntysAhHN:Jz7ilVXxBMxB57afmHotysCt
False
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.56 KB MD5: 87bc23c4e48b167162969ea6eaab71f8
SHA1: 02bb5569d37b73980b28b63b1b20b014ab76c797
SHA256: 50f8aca0a904869e359f6219789ebb658f03a97313933eabb000207a7d48e5c9
SSDeep: 48:HAuEcCK4M4bufIAigXS8+cxEDHKN2EhBxFtysAhHN:g1BKzfIAiSvxEGNbH3tysCt
False
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.67 KB MD5: c0829a7a4be1c63a87a95983e890b756
SHA1: ca79702b671e07a241b99dc24c62c46b3abeaa1e
SHA256: 697aee9ec35d8d83e3bab9b23d406954591c98f510bd0a72fa4acb1fedc04c3c
SSDeep: 48:aB0DTupPs2zb+MEIuB4Abw5+899lO8OyFY+iQ44ysAhHN:aB0izuMEIuB3899RRFY+1ysCt
False
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 5.99 KB MD5: 175145a3ed37410e48b6034dc8d1c71e
SHA1: 29aa459a628370aafdafe9295084f45d8fef1a42
SHA256: 6157aa6e881ac1c465332617ef84da34d90e4dea7b7cb20f3fc92a7711cf4283
SSDeep: 96:h4VCuhKC2tUg1tYrPu/f6TGUcX+mteiQl3g9lR/IaJAFelvMynrT7YyysCt:6KZJtYrm0t2DlK3QL/IjFexb7tynt
False
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 16.94 MB MD5: 2fb10a322517f7cbfb3a6cfe3f7ec571
SHA1: f50dbea0bf05e4a4f73abb265fef52fa43db4e07
SHA256: 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4
SSDeep: 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai
False
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.60 KB MD5: e1787e4ae2cfce44ff13370dfaca935e
SHA1: 806e4aeb242707fece505963ae13719264c4de16
SHA256: 1d9e37278be75399e83467f8501c5748863f9c09126c004e5214e2de5889dc5d
SSDeep: 48:+g+CjDIFrmQt8lKYJXFwYN0TB3feFXl0PfysAhHN:+gBjDUme8lH+Y2mF0ysCt
False
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.44 KB MD5: 6bb3ba9f50a4edb85f558a844f1c3017
SHA1: 820f81ec584899c958aadbea4ade42fad3af992f
SHA256: 5a0e7b01a5cc71b526612a1f68f711c4e7c3d26c3a83c691e7d6f3dc4f5dbd7a
SSDeep: 24:n68yeZRxYkPZhbxU3bUouc2yN4rPJ5IpXnO4xfCAZ0MiNDRer3ppr87sKysAhrNP:nx3RwbUoaycCpRaAZT4uHEzysAhHN
False
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.05 KB MD5: c3e4f89ab3ac9a7b2569d93206079b38
SHA1: e3e13527b47ff1e0fb909b4bb2a27cd9ce94d7d7
SHA256: 2a1dfd52b5a5504582ed010dc12d377ed272ed336408d39f6b43394df0fef217
SSDeep: 48:8vmwjBeA+NCjmKu2nMZtARnQ/FwrK0peH2sqysAhHN:lkBebqu22SYBaysCt
False
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 9.52 KB MD5: 5b7fc2e1f5b5d6e9dea071c3fd907ba9
SHA1: cf4576681fd09ccc761b463310cf35537fccdb92
SHA256: 6bc35577228afba890e689767ef69e5fe9c36d68634693780cc1b4438a00a8ef
SSDeep: 192:V7yVIuP/xXidci8sFd0XnsY8o1DRs76MPED1FxmpHynt:MV1/xSdci8sn0318o1Di2OsFcHM
False
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.81 KB MD5: 373b584f97fc27d42c300f0980b302f0
SHA1: 9f3e1cf04b3b67708ce816d5abd1c675fd65ad55
SHA256: b370a98c8e5cb85f7532e68d3a41a5cb454948ddb78c8e7c398a8c8329a2696e
SSDeep: 48:OvolcAF+YySED/TBKgYBx+AzP6qQ+aysAhHN:Biay71KR2Azx7aysCt
False
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.19 KB MD5: 910d36c6a67d9e5502daa083915f4b55
SHA1: 79dc12a3f64cf14e64971947bfecaad379c5a6f5
SHA256: 91e1d979f14cef41dec0d1f134454965261e1d63216012c2ebffb5db1b868d3a
SSDeep: 48:JHQ/vhfSKQpjFUVkDL+VWH5wY42YLTozOuS6V2q0ysAhHN:JofSKQpjCKDkWqfLSwPq0ysCt
False
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.66 KB MD5: 639b03f4df45b3fac44d35b56e99d8de
SHA1: d67de51587034c60eb03edc9ec62f5fef6259415
SHA256: 0028594c95fcd330a39e102cc0690c8f432d4ecea5407c900c324e8131b41c96
SSDeep: 48:YvRxF+/TXdDnIOYd+fNmGaoEXglG5ysAhHN:mRxROlCF5ysCt
False
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.08 KB MD5: f7602a72f850edfc99fefc732f5f8960
SHA1: 68f38aa52677f1f57e94f2f3972cb6c66ccfad16
SHA256: 56a77324b15dfce5281714eee06d0b3b72db4a98fdbf5a8f1ee4032b14202dd6
SSDeep: 48:oPwXASBOjaNzwRv039VkAMQYUdKCCjhDWEQCA0l4LysAhHN:osUEcq7PYUYCCjEEQCA0YysCt
False
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.14 KB MD5: f0987f178fe6f595326142f502d06519
SHA1: d271896801eeb07c76b8476cce89807349b2a3d7
SHA256: b422bb3e45c02e8ad947f71d07b1722a9d8162d69d5021fe60b5866f322a11d4
SSDeep: 24:iNPXijjuHSbVYrz9YZFByz0STBAHhsuf6V++b4TSu/1ysAhrNhN:iNVKF8Ttuf6E+WSu/1ysAhHN
False
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 3.15 MB MD5: 4ccc0e4cfb5ec4ad2b5fc5bd09a8ffae
SHA1: d06634bbd08ea029630f89f191a1a015b816e9a8
SHA256: b83526640cd0a48ed7bcff408c681fa9f99e80863630654669aa9723685ad08a
SSDeep: 49152:zDxL8QBonTex4S120ytJy0uznKBdMLYrrXGBps/HAl29TeQkec04F:zR89K1smgdTr2GgM9TeIc9F
False
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 582.61 KB MD5: 94c86969bb0cc30a9ad09cfbf38cc34e
SHA1: b9c7dfc4fdff78dad074286615fb28e573e877e0
SHA256: 5adf8f587ed53fa3ae24e5b5d6ac8ce7554e066f6b0c36589e466d989c3bd2f4
SSDeep: 6144:GbFjBk88d0jVEqGimuJNZ8F/2ILEHi/cJ63arm45pWOgB4FFUSQ8pJy4yzn0yeLg:w2Rde2g/m/fECyyaLpWOgK2xqJy4UH
False
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 5.67 KB MD5: 212c68499fecf7397c18fe0269686014
SHA1: a3e03701cf43dee3fd42047d6834682bb7707cd5
SHA256: 7d6ba43c5646ef55c253d6a9382104b4e38146cd0c153112b3c84e4e362bd7f2
SSDeep: 96:9a3059mqg8F0ugS3LpOUXRdJ7oJrz9ca7WCldmLQ3lFN7Fz4LMnsAa/b8AsZkAGJ:I0jn0gXx7SaRLSlPFMQnA/AAsZDynt
False
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 26.80 KB MD5: 0ec8e516a113ba878f493e36a020a636
SHA1: 5b00defecfff51b5153beda1d9a50ff83395ca65
SHA256: c8f0a788c408655cb423abe901d96e1b1c430f23210ce0439d6122b2da53cc5e
SSDeep: 384:T48s82sLhL42MccWztjPQZtmx3BLJaz1tBTMxaZwOI6V0hYD9aU7UtRjMxtM:V2s1k2McT5zQZtmx3zauxau8V0hhf
False
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 65.86 KB MD5: 28d1c37eea3e732aa96bd4af76be9b30
SHA1: ae25bc44feec97f7dfae114fa4c17364168861c7
SHA256: ec5abeac1d4c7f91a322fe4c4d34434a658e8d0daa53f74945c29d81a0281f0e
SSDeep: 1536:Oe8Gz7Qc3kTaIRLfdzLHo+G+bCvk7inafN6Gk1A2Lbf:gcoaIRhzLHbG+b/inafN6GmLr
False
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 9.38 KB MD5: dfc0e62cc8a19f262e6357f3c3620d16
SHA1: 0223af8599083a10d778d1f7e9e178096ff02a2c
SHA256: 126ae45d83bc0f12221daa666d78572500a232e51702c6684ef4db4a8964bd68
SSDeep: 192:HRF75PhUAvlUGD7vMVDMw2mRyXWR7e4lSLGjXez+qy5D7m5lZqWpwli1pV7qM2s2:Hr7RhFvrzSDMw2mKW9lgi5O5lfhd2sYF
False
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.56 KB MD5: 23b3ee54a02ad0de8c521007bf14f13a
SHA1: 045364a4196671d2edb2c04e741bc3db6f899071
SHA256: 670865cba3ac36e1d7531f218fbd21cf02e18b2a913e8a281773f7be6b84f5b9
SSDeep: 48:HXym5l++k06+p+8wzSc2oXCK98e2WNM2BPT0ysAhHN:HXym1syqhF9yWN5T0ysCt
False
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.06 KB MD5: 0611e006f3058dcef6876774bbc2a4f9
SHA1: 62b8f5fd9f44e2d8744c7083795637e5c9af35ed
SHA256: 0b4074ac05670469fa9b9100cbc139419ab27ff3b16aff2676cc94eecc816f12
SSDeep: 24:NX42ZfwVowsWX4nvY52smRN/2rgTi7ovfysAhrNhU:NI+YVrCvY5M/2rgTi7QfysAhHU
False
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 10.25 MB MD5: 5b10e2665f94142402ff6fd0b572b3ff
SHA1: 21ef09db60cf1d4ee64e930b00abefe63d813655
SHA256: 19054bd2c597323dfc7bd57085ae5b243e441d0e48ea62563ff5f2573d91e249
SSDeep: 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+JxF:MUvTiNhU4L7tZiTnprP0txRsJ3
False
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 4.42 KB MD5: 80a50d7e6189a3c8d7b0bdc89296474e
SHA1: 313d84af60ce5e6183905818f676f1644a6dba7b
SHA256: 40f8991b1a07c66942cda4243753c904b740041f823125eb296cf9d5ff09229f
SSDeep: 96:iXbupO07VMzd19LA2B7HyGUDTqwseuq2qrbOahBcmrS/ysCt:gbuQ0xMzd19s2gNspqL5EIS/ynt
False
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 16.71 KB MD5: ea9f485365bd5e5bc3a178d1b3576ae2
SHA1: 04ce905569adfaa26012cc469e6fc041aeb53fe8
SHA256: 93c206fa8c58f849534fe6ba6818422e456c412efa7bc432ea86da6e4dc6faf6
SSDeep: 384:Hv6aDiyVS1r1cAc3prle3nycfb5w8w2o+TNdSB59lSiy1RY6dlM:P6aDiyojcAQM3nycfxw23NdSB59IZRYZ
False
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 30.61 KB MD5: a4d02e4a62410823b845dbdc786b019e
SHA1: 3d51d4d49702e376c6f46a9e9fdd270bb85534c2
SHA256: dec7757f7aa9454d8dbc9e1c587e38efeff56ad4f1f1e7b9014262110c63cd7c
SSDeep: 768:okRiiTMtL5bn4WatdxQZyDgQHa/XQ/HkpO7gSP0Jt:okRiiTMLxZZyDTOXQspCgg8
False
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 4.42 KB MD5: 0784f150b88ceb4f8e3c3fb033364ac7
SHA1: f2a1429450170267894236cd8446a1dfc6509663
SHA256: 6db9542bc4e4fb260a2bc7ac3056fcc434e5268400e8eba938874ba6d47819d2
SSDeep: 96:cE1s+a6UoClfkGYnXbZkqjNjb4fqGlNaAocFT2T59qro6LE4/fY4ysCt:cEa+aHlfsLZkqjNjb4fqGlVxh2V9KJnk
False
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 6.52 KB MD5: 4e9603a2c5a8d30e706d57338270275e
SHA1: 0ab2a174f8eb749394f644ffb2d99e883db1d352
SHA256: 2f0aeca3b8ea8b4d61b179fb2a0f7a7019c51fcdec53089a3bfbc01a4d68c884
SSDeep: 192:uu5shGBWgAhXa9kY5FKAuKlZI/j5FIopA8GpMTynt:uoscBhKXbYnK+lZM5FLp++M
False
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.81 KB MD5: 7fa1116002c01e1c0588a792fd38f3fd
SHA1: d4439b8e5a302b72b6c82a249fc2e5915596eada
SHA256: 0ffd7a07de5876951f4716bba7e31795ebc70dfcbb1788f91c94cf9f10c66482
SSDeep: 48:Pz47g+E+d1PYbHxTtS0vzQjrCfy1XB4uJRatdcSqr/e9Cc9rDysAhHN:cXd1iHxTtder/5zJ43gHc9rDysCt
False
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 16.53 KB MD5: cacfe7c88081a61991c4debb7501ffff
SHA1: 88d3e8591b8722067c0973685a8f14a706c5e869
SHA256: f87bc677e549159d5c5c3be738d2f65a2a31b37e071e002b5c6a39b3f8114fd2
SSDeep: 384:bRQs8QPHjr8LC7X+zH4+VC1phVtzg9O2dsMUixUypcA2M:b1dHPGU+zHpmVtCpdiOdcAj
False
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 67.85 MB MD5: 6b078cbccbab0d5edeaa1d85f11ba58a
SHA1: 66820f091ea72f244d2d2019748cbda0b7b9702d
SHA256: 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774
SSDeep: 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT
False
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 20.35 KB MD5: 2c6ffb9e78c2131f6ba8dd0c752eae69
SHA1: 826b677900be800371846c7b29655484b88a6264
SHA256: a40e6ab75df0fed6cc3576f54ed819c8c0308a323a9bec55df0706afbe0d0c72
SSDeep: 384:UyEVxvHiLUf3sF7CzRjHCzZslMvtUx0stvQSbMmO/0hrX/6uciPh55jswM:NEvvCIf8F7sCzZIEux041ZEKk
False
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 4.42 KB MD5: e3fa4a57759c5490743d03b388c5303d
SHA1: 72eaa10dcf422615a53093e8462bae1e4ef49e77
SHA256: 1756083ace71d87637cb09207fbf17734a3df4fbc5df6ab973130ef34f2ba534
SSDeep: 96:BlbEMdCAd0gaYq0pHCtvPUYuZDjLJsmfB7cMEHm2X4ysCt:3bEMdPx+01yvPUHZrJdfB7lEH34ynt
False
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 4.75 MB MD5: 12c462b050c15147d01abf1943b30c20
SHA1: a5b7114294698d3d5477627854c87e84eccac8d1
SHA256: a508f716392c78a74f96c58d8ad8fe112a03831d9668ee82a4c814c4da5d49c0
SSDeep: 24576:t6PoTpvfb2hIgGGnc7XTrHjurYMWjKcMrcR3:t6yVbrgGSk3Dupnc2o
False
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 4.75 MB MD5: 68fc63af37ea5326118b93fb913bb0c1
SHA1: 8106c59632e56198f491b03a7591bd511d6c4ae2
SHA256: e07f8f894d29eb22bd1e4b8ed798baee50c78f91a91fa38e4b5fa648a0121a7f
SSDeep: 24576:ppuMOgCMzPuPZ4IGXlx90UrKU0KXYOXSOtPH+FXU:7uECMzPiZBGXlj0UGxOXS1i
False
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 14.88 MB MD5: 0132354deb06c352353675fce278a129
SHA1: 82f447263c0d4d83d398af15034413083edcbc35
SHA256: 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307
SSDeep: 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ
False
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 5.16 MB MD5: c48c8785ef8176108656251443a27dd2
SHA1: e1ef4ff7389294fda0d0e0744d5733d2bbc2dfad
SHA256: d95b70a3003764c04351bdfc442cb2568ae1dd8e3968ef757dee599bdf58ba97
SSDeep: 24576:lrbTjo/xbtpf/+JsmdgVEvbC5tIf9Cd3u0Y5sbO5TvaootzC95top:lQ/JP3cUIf92+0Y2bOhv9qzS5i
False
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 256.86 KB MD5: 615c5dd18dd80442f730d7713bd86fdf
SHA1: 23c947def93e3a1b03046d1cefe8dc1fceff5f7d
SHA256: c08d1bdb9de084a9bd128eecd6c7a8e304f398af52ff4ebf4a09b25815363335
SSDeep: 6144:rS5jeyYjFFVjE49327rulyGzts/xMxq4yrFntmdZepBJ/D:rM3MFRnurupts/uq46tmdYpBND
False
\\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 16.28 KB MD5: b4b10617deab7de4315979f4ecec9c76
SHA1: 7e4041e0bb9fb712cb2ee807f411f2bd9a624c39
SHA256: d24d497dfd3f1c0afba54f39ca414b52ba586ad959e6486eb0925eb8a4fe4135
SSDeep: 384:tHAUYWu3Bb0+uEQkrsApiwtUDlah7O5AB4LgpRrl:dAnt3nuEdrsEilaR4LaRp
False
\\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 48.28 KB MD5: 67fb37b90f251a7f99aa4d3264514d59
SHA1: 6081473fd5b1834165ae675d5ca675b4d3ce9d18
SHA256: 51b9b9b42b16649cdd6d05a80631d6dce042362e0594baa6989ce1eea24f8ff6
SSDeep: 768:aj2iAkwfTPDDrJjDGBRJGFo1nhsJOIEcHdLxB3SUR/3B0OhEhqztYjy7lAgM:aj2iAVbDPJjOl1mHdLxB39p0ZhqkMAb
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 48.30 KB MD5: 19fc9bbbac59a292def662893cbd60bb
SHA1: 23e474f317f25564d3f10c7bd77a118c97540adc
SHA256: 193e6825bd09c5568e7dd0e26541e0464474f116472d5d8f26db60078afc44ba
SSDeep: 768:j0t1KxTqJko8i0M5Uv49961iYucYTJy3gBIbUvJR1ffASWo13pX:j0PKxTpoziQ99615fYdyQBIo4o15X
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 48.30 KB MD5: f26dc163431e2a30c294991ce8e7c8bb
SHA1: abb57948ae54e60446a5560c8459de999eac1911
SHA256: f09359cd02d9221b3626dc6fac1fd958b700575a0758c490e8b69b6c25cb4702
SSDeep: 768:02tjJkLZj5sT6X6yxQHrcglPnmiXMoLYYQfirGqIyCDae6m0RPgiZfi9Ui9Iic8q:0mjqLZ2+PGLFFnuFHfKLlq9UAJzVM
False
\\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 16.25 KB MD5: b438df2859f25bb3bc98f961eaee8fc1
SHA1: 8dd43e8167275f40758995aac5216968f18bb0c5
SHA256: 8bee79a526ed4698272ab73ad7b93f0918cc56cce8470cb1390b1fb5e41437e8
SSDeep: 384:o/wMGkXZLLwvlN54NxINIAGxeIJ1FUmEnW00PJzM8UNfwusbnM:opZ3s+sYeq1eY1z5Uhwud
False
\\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.38 KB MD5: 64cdde3a12607d0288ba8697cffa09bd
SHA1: bf48fc77565785176c30b3dbaa825d9d2640e0d4
SHA256: 1550665017914f527507f146c51ae0685c13cf29536c67fdac0ee9b0531a478b
SSDeep: 24:Zhc8PhfAl1o28Q+4TO+ZcjHYBSQ2fjAvSiGooU+ZmPwg/ysAhrNh0:Zh5sqZJKufCSloh+0Pr/ysAhH0
False
\\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.55 KB MD5: af659f17aa8efecf427326c9fb535fe0
SHA1: b3d055b687b22e67c96b8b92a2b98de739bee710
SHA256: dc6ff467e762458f35e7433b123618a1f19553675d6a48c6975b8d5b7f6b79d3
SSDeep: 48:vBYsEVeNpVZg8q//Qzp3eY7D5x/s1kI2zIX4ysAhH0:v1RG/ce+Drw20oysCU
False
\\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.61 KB MD5: 315774831d6f29ab541cea6fb6347bcf
SHA1: 8fd9ead6e56298dec5703d4a53745fc67e78cef9
SHA256: d3d144d229a29d6d39d7cd4ac46b00a612e175b02a13d145cbe2d052af62b8b1
SSDeep: 48:J1XqpQLt0DqdLVQeixxtg6fIPSh8OPVmWaT3DnV/RrRjRDhDmO5nueLnwlf6ysA6:JY5DqdLVcxxt9fAXOPVmWCVxhHnu4nww
False
\\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.38 KB MD5: 3b3598f925ac224344f161891eb18c6b
SHA1: 5cb0dfba0c9b16cf74d88dd724ff32f8d5f94b6d
SHA256: fa01951221cd63d6c09364eccd1cfa898daaf0ba04d290ebbbe192a87b157b48
SSDeep: 24:HetUxHjjQ0/EBcVonH5wkPq4Z93SQYvwczJlTBR310daIu/ysAhrNh0:UUpWz5TxZ9nYvwkh3ydaL/ysAhH0
False
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 3.48 MB MD5: 1c69b51ad14d150972b0841c2f56b917
SHA1: 5b497f2e8bebb5c0e58522e6e199a50f858eea6b
SHA256: d87b5a619fb4f22fdbbfe25ad2b01eba20aa7506e8d2e61187317032ddb772c3
SSDeep: 49152:fHYLL/WoWLljb1R6rOSN20yRJ6u/VEkGZAF+kky6qmQOMI9R:fqLVW6vK/VEkGaknyA/H9R
False
\\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 189.25 KB MD5: 28c94a5ab30564f3e2afaf19f9a8e45e
SHA1: 4c99668a00931e5bc54f7e3c6376040965456fde
SHA256: 05cb420c9f8c7f75467ee74f0c58d84cbb73bc7b55dc8e9c915950b3f1829b0a
SSDeep: 3072:7nZxYKIN/YvqEGzSRmx/nh2Pr1D3XzKfg+KM8eXWCKO4Kj6s8g71yOvzxfkAyQKW:7nQKIavtGzS4h2Pr1D3jKfgXaX7kKj66
False
\\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 28.56 KB MD5: 94e2c080c25fe099919423f1b8760d97
SHA1: 66746abcea38c90361dbeaba8ba4fe307e6618f7
SHA256: 446dbaaf22bc9106f6aab45b2e67763308f1bafed679c04042124297ce40ff75
SSDeep: 384:16qrA1rO6NELRXOIWpveeGdoFAk+3Fjsd2Mfstwc87UdWvWgpCKxia6YnI+RjZG3:4qk1nN+N3sdv9gcv9ia6A1vtnDptM
False
\\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 21.78 KB MD5: 7d4e40fbcccfc6688f0c5c066e073bd7
SHA1: b121a884ec0a3e6f7fd287397cb7f5920245bc27
SHA256: cfa38e2c093b4344ec1d46cc3e2ac5205e66fbe0745b1f44bff36ab19d067fa2
SSDeep: 384:OJhopkiIBkjrLiHg5oe0WLkaTFS0cAUfh/oZyapBLNZyDIsY1:DpkickTmILksFPZUpyy4RYUss
False
\\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.85 KB MD5: b6ea1d338250f42f64c1916e47f2166e
SHA1: 8309e2433cc21da4b613793c45783673875947a4
SHA256: 977828a680bb85bc3cfcce17c501a7f185cc14e2c8a07d80f1d440862b650fff
SSDeep: 24:/O0vgHIX/B+ktgzmGpi5z/1RToyHFxaQkUqdhXysAhrNhN:/O0IoX/Bjym2ip1RTzvd/qTXysAhHN
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.67 KB MD5: bc43da47e328c2600e8ed4d6b7f744d8
SHA1: a9bbfe535a6c19a15ffded9d206106f2067781ed
SHA256: 5c6c04671f19785e5befb77d9499ff9abcded6caf9d0a5514c9e4bf8b20558dd
SSDeep: 12:SoIlJ0PGaq298Qc5CcWGOlOYqPkiUxsRQRAP2FXGF9Fl/ysBShrNLVfjKO:RI/oNV6hKlDqlOR62F2F9bysAhrNhN
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.61 KB MD5: ca2116336b7caaff4f76e7df87423916
SHA1: 16fe8e97c1ac57e125144e4000f15096e450c05b
SHA256: 6dd9bea3aa20e5185f1314ea128c59164530aaf73ab847c64ff3f64938357724
SSDeep: 12:5HgkAIj9z1VKhWWYTZbpXbKAvzvoCmtm7ysBShrNLVfjKO:dRAIj4alJbKXtm7ysAhrNhN
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.05 KB MD5: 2e9d31c6d3bc48e306307d1deb5d171a
SHA1: 866d0af1e6a75f66e0f1c21c885fc4d163196d2b
SHA256: a85dcfad17e832d5f6c4d4be10d8651a24bf3d24c3a331f9bc08d21e8373e0e1
SSDeep: 48:BbjHeWG/UnnEgjuGPeRns8hWF7AC02HaDI4ruYH0ysAhHN:Bv+n8nBjuGG1zAFKOarrAysCt
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.55 KB MD5: 494e279a15d8f65cbf1fb2987842d31f
SHA1: 4fbb7bd07ac5a1c69e2074a711087abc3e542b5e
SHA256: e4827b25fd5323a46ce5050f60cdede482785b0a243ede1ea2fe70a58514bb4a
SSDeep: 48:WGFSdxSLoSVFTfAKKGsNaoMesNH37MqysAhHN:W2aENDjKGWaXeEHwqysCt
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.58 KB MD5: 0aebbf3707bf4b0ba7d044fc5c320900
SHA1: 52b634f3be920d0015856f3ecfa8de9af4fa8c6f
SHA256: 390b3f982acaa243d05c20cd92d689d97b10c5596a19073bc5af37db5a7821fa
SSDeep: 12:JGEq+yx8hzjj9o96DDA1MRc6FE1h2MqfBt90ysBShrNLVfjKO:JQ+yujBBv7zFchvysAhrNhN
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.46 KB MD5: 233b8e64d8c154365a79bc1e196b73db
SHA1: 21ccd8a3c37bdd647baed67d3a4ec05428e579b1
SHA256: f1485ef47df129a53cc12f73df0e72c727cbbb8ace41647e8292900aa4ec9d5d
SSDeep: 12:x0IcvOiGTTc3kOa7OgN1wwINf//UOsysBShrNLVfjKO:xcGiEQ3kOabMf//bsysAhrNhN
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 2.16 KB MD5: 56b976d6ecf3588d627e48ee3905f834
SHA1: 5906c16fa4f9975837ad3555ecd41eb84d4d381a
SHA256: 775dcd2c6b6b2f6226ae7242f0ece0cca5e50bc17ea8ea779ff69799e4848661
SSDeep: 48:6CKNIqyHQQ1CewqbB1XssrKy59F6VT+6yM5nu1uU7M+ysAhHN:DKNI3QQ1Chql18vm/6l+s3+ysCt
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 1.35 KB MD5: 685d94c0406e6c473cfc7f4d1c0333f6
SHA1: 36693199163b2feb6f81cd42fac7787711dda0ac
SHA256: 6e68828f2b13feaef66de6a5963ca14882686f7ab7ed57a6841705ef68c6627b
SSDeep: 24:4M0W7NmGiWUOotvLGZ1kAoR34txo8RoMkaSRwIUr75bQojx0tfT/Vm4Ye3p+ysAb:tNmfNr4/RF6GCojEb0s+ysAhHN
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.75 KB MD5: 792df1566ee1f3a57411b8d5dddd4752
SHA1: 408f340dbe39d71254482689b585e490061d9433
SHA256: 4c78494cadae826465894518816031378c2e542dcc19d6a15719bc318ebcf402
SSDeep: 12:5zSier+AAkgI+/9KAU0Q2qx+UQSWMyJh3dsM5dG233AS0ysBShrNLVfjKO:5BOWIZhiqxxtWMyJ/BdJHf0ysAhrNhN
False
\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.83 KB MD5: 1d006995a94488732a8d4d601b138551
SHA1: 62e63fe7fe3cda686292d1450a765e98266482e2
SHA256: 0661ffff017a69b3fadd5bc56e6cb14e8ecaf1f9207b8977a58aa76a2e5fbb4b
SSDeep: 24:YHj5WddBPXtTuil83Q2bHJHsaOoF61VJ5AiysAhrNhN:YHjCpTuiqzbpVbAJVysAhHN
False
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 207.10 KB MD5: 24cda4713aa23b9f476f7e9f342f55ac
SHA1: 5cd3043735b9a9c6824e460cb596cbd344242354
SHA256: 248db092d34f3c1646be9c5afb82d3b07ec998b3b2226ab8afec535fb5e4e39c
SSDeep: 3072:lV5+Q6RZSidvgTWZaDuNGMFTveAqIu5NuOrRMIQ4vwZJ2OfldNjXrFz:lVYvVtZaDusMFTveAqIk7tDwZJVNjhz
False
\\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 16.75 KB MD5: eec3eccde4418c22f98dff219eaa3f4a
SHA1: 940bedd4b48ed008a078072e7e621f8b1b3abf23
SHA256: 7e91b4d2e15e0bf03c79a9739e9b9e99d88e0c598f88c42a87df2236db0a913d
SSDeep: 384:052eYJWUC7VpCALKYzDUa//qH0o7p1xTwP/JRQ9BzItgue7H3Koil:mhUKVnFUEqHD91Z9BEBe7H3FO
False
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 6.88 KB MD5: cc1a85e6013b10e66e879c1853e58737
SHA1: d611cea7f33e33b3045aedc306c41fb8e2cbe0d4
SHA256: 97df43c104171de4f8e23bfad137e2e0373e86ed0f0ff891be328e3577373e7f
SSDeep: 192:GPLyPGO3BSSdZRL2DU8Lpg2mCyCdkXY33Aynt:IOBSSrh2Dx7yCdkX6AM
False
\\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 194.99 KB MD5: 3a294d754f2f2d4267146eca48a97788
SHA1: f872b9f6701d04267b15b11932bcfa7760285cf5
SHA256: a2670d12fdff749efa9c83512975af4a1b3e15d84d5b480d32c52a0855d806e0
SSDeep: 6144:MtAYv5CHQ5rO/Zb1+sXwVzepL9bGPPXacW9Exh9KKJ:MtPEHyOh1JguxbGPSH9ZA
False
\\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.44 KB MD5: 846f1f1974180f82396d54ce8571ae7b
SHA1: 90a8a10d381516d0c8c26711b9468cd97b078c23
SHA256: 27929c361896fb3303c351dd3f95ff7fee7cee5f6ffea5bcc501c86176460d5e
SSDeep: 12:ccalE1zAtzUZ9XmwT8ipTQZ09GHysBShrNLVfjKM4:1alGz0UZ9W482TQZEGHysAhrNhk
False
\\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.36 KB MD5: 6525ffff1ef4170dfcc2058ee0324387
SHA1: 02ba64f1073b8947abba35fc13b4834681c6127b
SHA256: 3a22be633dc91d92509121df3dc6a7173cc05d028b04b9c8d62081784e3f4d01
SSDeep: 6:Z1nyuk9SyJEJk/5Leihh/7CJy+R3MKeu7RgWR10ysBSPZtEZPQNLVfjKO:Zk9/J0AwihhGL3OsgU10ysBShrNLVfjJ
False
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos 0.25 KB MD5: 213d4b0e8c32c4d83f1477681fc90422
SHA1: ead4d99c022099da7d48b2c63e3eb4640d91ff5a
SHA256: bfb094b825a8172a90dc18ed6d3b2e94a3564b08e850a8a03b6cb4a88d105c18
SSDeep: 6:NyuXTek4KGf5R0mHduZkysBSPZtEZPQNLVfjKO:VeT3nXysBShrNLVfjKO
False
Host Behavior
File (5281)
»
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\Boot\BCD desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BCD.LOG1 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG2 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\chs_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\cht_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\jpn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\kor_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\hiberfil.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru\messages.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru\messages.json desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png type = size, size_out = 3372 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png type = size, size_out = 160 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html type = size, size_out = 92 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js type = size, size_out = 95 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json type = size, size_out = 725 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json type = size, size_out = 257 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json type = size, size_out = 272 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json type = size, size_out = 224 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json type = size, size_out = 224 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json type = size, size_out = 224 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json type = size, size_out = 234 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json type = size, size_out = 274 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json type = size, size_out = 214 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json type = size, size_out = 215 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json type = size, size_out = 223 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json type = size, size_out = 221 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json type = size, size_out = 214 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json type = size, size_out = 217 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json type = size, size_out = 224 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json type = size, size_out = 222 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json type = size, size_out = 225 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json type = size, size_out = 291 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json type = size, size_out = 230 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json type = size, size_out = 208 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json type = size, size_out = 221 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json type = size, size_out = 236 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json type = size, size_out = 230 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json type = size, size_out = 228 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json type = size, size_out = 233 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json type = size, size_out = 210 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json type = size, size_out = 221 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json type = size, size_out = 203 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json type = size, size_out = 217 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json type = size, size_out = 222 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json type = size, size_out = 224 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json type = size, size_out = 222 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json type = size, size_out = 272 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json type = size, size_out = 227 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json type = size, size_out = 223 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json type = size, size_out = 226 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json type = size, size_out = 260 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json type = size, size_out = 221 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json type = size, size_out = 270 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json type = size, size_out = 237 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json type = size, size_out = 215 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json type = size, size_out = 260 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json type = size, size_out = 209 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json type = size, size_out = 352 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = size, size_out = 875520 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png type = size, size_out = 3213 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json type = size, size_out = 11094 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png type = size, size_out = 143 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html type = size, size_out = 92 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js type = size, size_out = 91 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json type = size, size_out = 725 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json type = size, size_out = 246 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json type = size, size_out = 264 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json type = size, size_out = 207 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json type = size, size_out = 222 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json type = size, size_out = 216 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json type = size, size_out = 217 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json type = size, size_out = 260 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json type = size, size_out = 208 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json type = size, size_out = 209 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json type = size, size_out = 206 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json type = size, size_out = 206 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json type = size, size_out = 216 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json type = size, size_out = 216 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json type = size, size_out = 219 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json type = size, size_out = 215 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json type = size, size_out = 221 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json type = size, size_out = 279 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json type = size, size_out = 235 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json type = size, size_out = 209 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json type = size, size_out = 213 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json type = size, size_out = 221 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json type = size, size_out = 228 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json type = size, size_out = 224 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json type = size, size_out = 207 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json type = size, size_out = 217 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json type = size, size_out = 195 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json type = size, size_out = 213 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json type = size, size_out = 206 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json type = size, size_out = 208 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json type = size, size_out = 213 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json type = size, size_out = 266 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json type = size, size_out = 221 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json type = size, size_out = 218 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json type = size, size_out = 248 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json type = size, size_out = 214 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json type = size, size_out = 254 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json type = size, size_out = 227 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json type = size, size_out = 264 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json type = size, size_out = 225 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json type = size, size_out = 206 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json type = size, size_out = 206 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = size, size_out = 218 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = size, size_out = 885760 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json type = size, size_out = 11094 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json type = size, size_out = 352 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png type = size, size_out = 6707 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json type = size, size_out = 1004 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json type = size, size_out = 278 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json type = size, size_out = 319 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json type = size, size_out = 265 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json type = size, size_out = 259 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json type = size, size_out = 243 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json type = size, size_out = 256 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json type = size, size_out = 329 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json type = size, size_out = 249 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json type = size, size_out = 249 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json type = size, size_out = 259 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json type = size, size_out = 259 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json type = size, size_out = 251 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json type = size, size_out = 243 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json type = size, size_out = 257 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json type = size, size_out = 260 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json type = size, size_out = 252 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json type = size, size_out = 278 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json type = size, size_out = 345 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json type = size, size_out = 263 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json type = size, size_out = 264 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json type = size, size_out = 261 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json type = size, size_out = 258 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json type = size, size_out = 293 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json type = size, size_out = 281 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json type = size, size_out = 285 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json type = size, size_out = 258 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json type = size, size_out = 254 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json type = size, size_out = 242 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json type = size, size_out = 218 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json type = size, size_out = 257 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json type = size, size_out = 246 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json type = size, size_out = 264 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json type = size, size_out = 281 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json type = size, size_out = 338 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json type = size, size_out = 274 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json type = size, size_out = 268 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json type = size, size_out = 287 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json type = size, size_out = 253 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json type = size, size_out = 356 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json type = size, size_out = 270 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json type = size, size_out = 353 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json type = size, size_out = 279 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json type = size, size_out = 273 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json type = size, size_out = 267 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json type = size, size_out = 11221 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png type = size, size_out = 3406 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json type = size, size_out = 728 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json type = size, size_out = 179 True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json type = file_attributes True 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos type = file_attributes False 1
Fn
Get Info \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\messages.json type = size, size_out = 179 True 1
Fn
Copy c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe False 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe False 1
Fn
Move \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3.id[9C354B42-0001].[tedmundboardus@aol.com].phobos source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 True 1
Fn
Move \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\places.sqlite.id[9C354B42-0001].[tedmundboardus@aol.com].phobos source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\places.sqlite True 1
Fn
Read \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini size = 1114368, size_out = 612 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini size = 1114368, size_out = 442 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini size = 1114368, size_out = 370 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini size = 1114368, size_out = 1854 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini size = 1114368, size_out = 1338 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini size = 1114368, size_out = 343 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini size = 1114368, size_out = 216 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini size = 1114368, size_out = 1958 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini size = 1114368, size_out = 1130 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini size = 1114368, size_out = 520 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini size = 1114368, size_out = 606 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini size = 1114368, size_out = 174 True 1
Fn
Data
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Feeds Cache\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini size = 1114368, size_out = 174 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini size = 1114368, size_out = 174 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini size = 1114368, size_out = 174 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\desktop.ini size = 1114368, size_out = 145 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini size = 1114368, size_out = 145 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\Low\desktop.ini size = 1114368, size_out = 145 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\desktop.ini size = 1114368, size_out = 145 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Read \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini size = 1114368, size_out = 67 True 1
Fn
Write \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 624 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 448 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 384 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 1856 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 1344 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 352 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 224 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 1968 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 1136 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 528 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 608 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 176 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos size = 242 True 1
Fn
Data
Delete \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml - True 1
Fn
Delete \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_CN\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_128.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_16.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ar\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_GB\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\es_419\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\et\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\he\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_US\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ms\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\no\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\vi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata\computed_hashes.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_CN\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\128.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\contentscript_bin_prod.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\dasherSettingSchema.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\page_embed_script.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\af\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\am\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ar\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\az\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\bn\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\eventpage_bin_prod.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\en_GB\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\en_US\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\es_419\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\et\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\eu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fa\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fr_CA\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\gl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\gu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\is\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\iw\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ka\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hy\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\kn\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\lo\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\km\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\mn\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\mr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ms\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ne\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\no\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\si\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sw\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ta\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\te\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ur\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\vi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zh_CN\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zh_HK\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ml\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_metadata\computed_hashes.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_background.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_window.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css\craw_window.css - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\flapper.gif - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_128.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_16.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_close.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_hover.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_maximize.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_pressed.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html\craw_window.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en_GB\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es_419\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\et\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nb\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\vi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_CN\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ar\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\en\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\no\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\se\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\vi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\background_script.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\angular.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_game_sender.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_sender.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.css - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app_redirect.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\devices.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\index.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\offers.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\setup.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\chromecast_logo_grey.png - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\common.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.css - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback_script.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.html - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\material_css_min.css - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_common.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_cast_streaming.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_hangouts.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\am\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ar\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\bn\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_webrtc.js - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\en\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\et\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\fa\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\hr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\gu\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\iw\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\kn\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ml\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\mr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\nb\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\pt\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ms\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sv\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ta\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\te\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sw\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\zh\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\vi\messages.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_metadata\computed_hashes.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\desktop.ini - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\Low\desktop.ini - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041320190414\index.dat - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\desktop.ini - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat - True 1
Fn
Delete \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713\index.dat - True 1
Fn
For performance reasons, the remaining 4107 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (32)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 4
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 34543120, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 34543184, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 196, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 34559280, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Desktop, data = %USERPROFILE%\Desktop, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Desktop, data = 76, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Desktop, data = 34543148, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Desktop, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Desktop, data = %PUBLIC%\Desktop, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ True 1
Fn
Process (6)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\cmd.exe os_pid = 0x698, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create C:\Windows\system32\cmd.exe os_pid = 0x69c, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create c:\users\5p5nrgjn0js halpmcxz\desktop\info.hta show_window = SW_SHOWNORMAL True 1
Fn
Create c:\users\public\desktop\info.hta show_window = SW_SHOWNORMAL True 1
Fn
Create c:\\info.hta show_window = SW_SHOWNORMAL True 1
Fn
Create C:\Windows\system32\cmd.exe os_pid = 0x538, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Module (38)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76180000 True 16
Fn
Get Filename - process_name = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 True 6
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76194f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76191252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76194208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7619359f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 True 7
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x761ad668 True 5
Fn
System (179)
»
Operation Additional Information Success Count Logfile
Sleep duration = 1000 milliseconds (1.000 seconds) True 173
Fn
Sleep duration = -1 (infinite) False 1
Fn
Get Time type = System Time, time = 2019-04-12 12:29:04 (UTC) True 1
Fn
Get Time type = Ticks, time = 43680 True 1
Fn
Get Time type = Performance Ctr, time = 8828656042 True 1
Fn
Get Time type = Ticks, time = 43711 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (93)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\00019C354B4201 True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 5
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 6
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 5
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 5
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 6
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE True 9
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #17: cmd.exe
333 0
»
Information Value
ID #17
File Name c:\windows\system32\cmd.exe
Command Line "C:\Windows\system32\cmd.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:04, Reason: Child Process
Unmonitor End Time: 00:02:58, Reason: Self Terminated
Monitor Duration 00:00:54
OS Process Information
»
Information Value
PID 0x69c
Parent PID 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 27C
Host Behavior
File (264)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Windows\system32 type = file_attributes True 1
Fn
Get Info C:\Windows\System32 type = file_attributes True 1
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 14
Fn
Get Info STD_INPUT_HANDLE type = file_type True 7
Fn
Open STD_OUTPUT_HANDLE - True 33
Fn
Open STD_INPUT_HANDLE - True 104
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 91
Fn
Data
Write STD_OUTPUT_HANDLE size = 36 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 5
Fn
Data
Write STD_OUTPUT_HANDLE size = 63 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 20 True 3
Fn
Data
Write STD_OUTPUT_HANDLE size = 47 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 39 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 5 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 24, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (4)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\netsh.exe os_pid = 0x32c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\Windows\system32\netsh.exe os_pid = 0x4fc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\Windows\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\Windows\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (2)
»
Operation Process Additional Information Success Count Logfile
Read C:\Windows\system32\netsh.exe address = 8796092878848, size = 896 True 1
Fn
Data
Read C:\Windows\system32\netsh.exe address = 8796092887040, size = 896 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x76d30000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x4ab10000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76b10000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76b26d40 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76b223d0 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76b18290 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76b217e0 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x76d814a0 True 1
Fn
System (4)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 12:29:04 (UTC) True 1
Fn
Get Time type = Ticks, time = 44023 True 1
Fn
Get Time type = Performance Ctr, time = 8863272840 True 1
Fn
Get Info type = Operating System True 1
Fn
Environment (30)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 10
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 3
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 3
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 3
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Windows\System32 True 1
Fn
Set Environment String name = COPYCMD True 2
Fn
Set Environment String name = =ExitCode, value = 00000000 True 2
Fn
Set Environment String name = =ExitCodeAscii True 2
Fn
Process #18: cmd.exe
586 0
»
Information Value
ID #18
File Name c:\windows\system32\cmd.exe
Command Line "C:\Windows\system32\cmd.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:04, Reason: Child Process
Unmonitor End Time: 00:03:52, Reason: Terminated by Timeout
Monitor Duration 00:01:48
OS Process Information
»
Information Value
PID 0x698
Parent PID 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 694
Host Behavior
File (493)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Windows\system32 type = file_attributes True 1
Fn
Get Info C:\Windows\System32 type = file_attributes True 1
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 19
Fn
Get Info STD_INPUT_HANDLE type = file_type True 10
Fn
Open STD_OUTPUT_HANDLE - True 47
Fn
Open STD_INPUT_HANDLE - True 208
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 188
Fn
Data
Read STD_INPUT_HANDLE size = 1 False 1
Fn
Write STD_OUTPUT_HANDLE size = 36 True 2
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 7
Fn
Data
Write STD_OUTPUT_HANDLE size = 63 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 20 True 5
Fn
Data
Write STD_OUTPUT_HANDLE size = 23 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 58 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 42 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 24, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (8)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\vssadmin.exe os_pid = 0x328, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\Windows\System32\Wbem\WMIC.exe os_pid = 0x218, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\Windows\system32\bcdedit.exe os_pid = 0xc0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\Windows\system32\bcdedit.exe os_pid = 0x440, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\Windows\system32\vssadmin.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\Windows\System32\Wbem\WMIC.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\Windows\system32\bcdedit.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\Windows\system32\bcdedit.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (4)
»
Operation Process Additional Information Success Count Logfile
Read C:\Windows\system32\vssadmin.exe address = 8796092841984, size = 896 True 1
Fn
Data
Read C:\Windows\System32\Wbem\WMIC.exe address = 8796092866560, size = 896 True 1
Fn
Data
Read C:\Windows\system32\bcdedit.exe address = 8796092854272, size = 896 True 1
Fn
Data
Read C:\Windows\system32\bcdedit.exe address = 8796092887040, size = 896 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x76d30000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x4ab10000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76b10000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76b26d40 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76b223d0 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76b18290 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76b217e0 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x76d814a0 True 1
Fn
System (4)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 12:29:04 (UTC) True 1
Fn
Get Time type = Ticks, time = 44070 True 1
Fn
Get Time type = Performance Ctr, time = 8867997103 True 1
Fn
Get Info type = Operating System True 1
Fn
Environment (48)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 16
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 5
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 5
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 5
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Windows\System32 True 1
Fn
Set Environment String name = COPYCMD True 4
Fn
Set Environment String name = =ExitCode, value = 00000000 True 4
Fn
Set Environment String name = =ExitCodeAscii True 4
Fn
Process #19: netsh.exe
92 0
»
Information Value
ID #19
File Name c:\windows\system32\netsh.exe
Command Line netsh advfirewall set currentprofile state off
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:04, Reason: Child Process
Unmonitor End Time: 00:02:54, Reason: Self Terminated
Monitor Duration 00:00:50
OS Process Information
»
Information Value
PID 0x32c
Parent PID 0x69c (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 5F0
0x 788
0x 5FC
0x 55C
0x 31C
0x 7C8
Host Behavior
File (4)
»
Operation Filename Additional Information Success Count Logfile
Open STD_OUTPUT_HANDLE - True 2
Fn
Write STD_OUTPUT_HANDLE size = 5 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 1
Fn
Data
Registry (23)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Module (50)
»
Operation Module Additional Information Success Count Logfile
Load RASMONTR.DLL base_address = 0x7fef4310000 True 1
Fn
Load MSVCRT.DLL base_address = 0x7fefee20000 True 1
Fn
Load C:\Windows\system32\MFC42LOC.DLL base_address = 0x0 False 1
Fn
Load NSHWFP.DLL base_address = 0x7fef3770000 True 1
Fn
Load DHCPCMONITOR.DLL base_address = 0x7fef43b0000 True 1
Fn
Load WSHELPER.DLL base_address = 0x7fef3ef0000 True 1
Fn
Load NSHHTTP.DLL base_address = 0x7fef3ee0000 True 1
Fn
Load FWCFG.DLL base_address = 0x7fef3630000 True 1
Fn
Load AUTHFWCFG.DLL base_address = 0x7fef35b0000 True 1
Fn
Load IFMON.DLL base_address = 0x7fef3ec0000 True 1
Fn
Load NETIOHLP.DLL base_address = 0x7fef3550000 True 1
Fn
Load WHHELPER.DLL base_address = 0x7fef3540000 True 1
Fn
Load HNETMON.DLL base_address = 0x7fef3530000 True 1
Fn
Load RPCNSH.DLL base_address = 0x7fef3520000 True 1
Fn
Load DOT3CFG.DLL base_address = 0x7fef3500000 True 1
Fn
Load NAPMONTR.DLL base_address = 0x7fef33f0000 True 1
Fn
Load NSHIPSEC.DLL base_address = 0x7fef32f0000 True 1
Fn
Load NETTRACE.DLL base_address = 0x7fef3af0000 True 1
Fn
Load WCNNETSH.DLL base_address = 0x7fef41c0000 True 1
Fn
Load P2PNETSH.DLL base_address = 0x7fef4190000 True 1
Fn
Load WWANCFG.DLL base_address = 0x7fef4130000 True 1
Fn
Load WLANCFG.DLL base_address = 0x7fef3a20000 True 1
Fn
Load PEERDISTSH.DLL base_address = 0x7fef3930000 True 1
Fn
Load kernel32.dll base_address = 0x76b10000 True 1
Fn
Get Handle c:\windows\system32\netsh.exe base_address = 0x1440000 True 2
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x7fefee20000 True 1
Fn
Get Filename - process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\Windows\system32\MFC42u.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\rasmontr.dll function = InitHelperDll, address_out = 0x7fef432cf70 True 1
Fn
Get Address c:\windows\system32\nshwfp.dll function = InitHelperDll, address_out = 0x7fef37db6d0 True 1
Fn
Get Address c:\windows\system32\dhcpcmonitor.dll function = InitHelperDll, address_out = 0x7fef43b1a40 True 1
Fn
Get Address c:\windows\system32\wshelper.dll function = InitHelperDll, address_out = 0x7fef3ef1720 True 1
Fn
Get Address c:\windows\system32\nshhttp.dll function = InitHelperDll, address_out = 0x7fef3ee1c24 True 1
Fn
Get Address c:\windows\system32\fwcfg.dll function = InitHelperDll, address_out = 0x7fef3632d20 True 1
Fn
Get Address c:\windows\system32\authfwcfg.dll function = InitHelperDll, address_out = 0x7fef35b5d20 True 1
Fn
Get Address c:\windows\system32\ifmon.dll function = InitHelperDll, address_out = 0x7fef3ec1924 True 1
Fn
Get Address c:\windows\system32\netiohlp.dll function = InitHelperDll, address_out = 0x7fef356ce30 True 1
Fn
Get Address c:\windows\system32\whhelper.dll function = InitHelperDll, address_out = 0x7fef354210c True 1
Fn
Get Address c:\windows\system32\hnetmon.dll function = InitHelperDll, address_out = 0x7fef35322a4 True 1
Fn
Get Address c:\windows\system32\rpcnsh.dll function = InitHelperDll, address_out = 0x7fef3522e88 True 1
Fn
Get Address c:\windows\system32\dot3cfg.dll function = InitHelperDll, address_out = 0x7fef350390c True 1
Fn
Get Address c:\windows\system32\napmontr.dll function = InitHelperDll, address_out = 0x7fef340048c True 1
Fn
Get Address c:\windows\system32\nshipsec.dll function = InitHelperDll, address_out = 0x7fef32f6230 True 1
Fn
Get Address c:\windows\system32\nettrace.dll function = InitHelperDll, address_out = 0x7fef3b37360 True 1
Fn
Get Address c:\windows\system32\wcnnetsh.dll function = InitHelperDll, address_out = 0x7fef41c28e4 True 1
Fn
Get Address c:\windows\system32\p2pnetsh.dll function = InitHelperDll, address_out = 0x7fef4195568 True 1
Fn
Get Address c:\windows\system32\wwancfg.dll function = InitHelperDll, address_out = 0x7fef41320c8 True 1
Fn
Get Address c:\windows\system32\wlancfg.dll function = InitHelperDll, address_out = 0x7fef3a2613c True 1
Fn
Get Address c:\windows\system32\peerdistsh.dll function = InitHelperDll, address_out = 0x7fef39ae69c True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76b26d40 True 1
Fn
System (14)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 806, y_out = 457 True 1
Fn
Get Time type = System Time, time = 2019-04-12 12:29:05 (UTC) True 2
Fn
Get Time type = Ticks, time = 44382 True 1
Fn
Get Time type = Performance Ctr, time = 8898858496 True 1
Fn
Get Time type = Ticks, time = 44647 True 1
Fn
Get Info type = Operating System True 6
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Get Info type = Operating System True 1
Fn
Process #20: vssadmin.exe
0 0
»
Information Value
ID #20
File Name c:\windows\system32\vssadmin.exe
Command Line vssadmin delete shadows /all /quiet
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:04, Reason: Child Process
Unmonitor End Time: 00:03:29, Reason: Self Terminated
Monitor Duration 00:01:25
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x328
Parent PID 0x698 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 5BC
0x 7F0
0x 334
0x 330
0x 5E4
Process #21: vssvc.exe
3 0
»
Information Value
ID #21
File Name c:\windows\system32\vssvc.exe
Command Line C:\Windows\system32\vssvc.exe
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:04, Reason: RPC Server
Unmonitor End Time: 00:03:52, Reason: Terminated by Timeout
Monitor Duration 00:01:47
OS Process Information
»
Information Value
PID 0x5c0
Parent PID 0x1d8 (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 670
0x 674
0x 574
0x 54C
0x 368
0x 364
0x 7EC
0x 710
0x 64
0x 5CC
Host Behavior
System (3)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 12:29:06 (UTC) True 1
Fn
Get Time type = Ticks, time = 45630 True 1
Fn
Get Time type = Performance Ctr, time = 9023031380 True 1
Fn
Process #23: netsh.exe
94 0
»
Information Value
ID #23
File Name c:\windows\system32\netsh.exe
Command Line netsh firewall set opmode mode=disable
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:53, Reason: Child Process
Unmonitor End Time: 00:02:58, Reason: Self Terminated
Monitor Duration 00:00:04
OS Process Information
»
Information Value
PID 0x4fc
Parent PID 0x69c (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 560
0x 58C
0x 188
0x 214
0x 258
0x 250
Host Behavior
File (6)
»
Operation Filename Additional Information Success Count Logfile
Open STD_OUTPUT_HANDLE - True 3
Fn
Write STD_OUTPUT_HANDLE size = 305 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 5 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 1
Fn
Data
Registry (23)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Module (50)
»
Operation Module Additional Information Success Count Logfile
Load RASMONTR.DLL base_address = 0x7fef83a0000 True 1
Fn
Load MSVCRT.DLL base_address = 0x7fefee20000 True 1
Fn
Load C:\Windows\system32\MFC42LOC.DLL base_address = 0x0 False 1
Fn
Load NSHWFP.DLL base_address = 0x7fef3fb0000 True 1
Fn
Load DHCPCMONITOR.DLL base_address = 0x7fef82d0000 True 1
Fn
Load WSHELPER.DLL base_address = 0x7fef7ab0000 True 1
Fn
Load NSHHTTP.DLL base_address = 0x7fef7aa0000 True 1
Fn
Load FWCFG.DLL base_address = 0x7fef7a70000 True 1
Fn
Load AUTHFWCFG.DLL base_address = 0x7fef4320000 True 1
Fn
Load IFMON.DLL base_address = 0x7fef43b0000 True 1
Fn
Load NETIOHLP.DLL base_address = 0x7fef3f70000 True 1
Fn
Load WHHELPER.DLL base_address = 0x7fef4310000 True 1
Fn
Load HNETMON.DLL base_address = 0x7fef3f60000 True 1
Fn
Load RPCNSH.DLL base_address = 0x7fef3f50000 True 1
Fn
Load DOT3CFG.DLL base_address = 0x7fef3f30000 True 1
Fn
Load NAPMONTR.DLL base_address = 0x7fef3ba0000 True 1
Fn
Load NSHIPSEC.DLL base_address = 0x7fef3aa0000 True 1
Fn
Load NETTRACE.DLL base_address = 0x7fef3900000 True 1
Fn
Load WCNNETSH.DLL base_address = 0x7fef38b0000 True 1
Fn
Load P2PNETSH.DLL base_address = 0x7fef3880000 True 1
Fn
Load WWANCFG.DLL base_address = 0x7fef3780000 True 1
Fn
Load WLANCFG.DLL base_address = 0x7fef3620000 True 1
Fn
Load PEERDISTSH.DLL base_address = 0x7fef3530000 True 1
Fn
Load kernel32.dll base_address = 0x76b10000 True 1
Fn
Get Handle c:\windows\system32\netsh.exe base_address = 0xf10000 True 2
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x7fefee20000 True 1
Fn
Get Filename - process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\Windows\system32\MFC42u.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\rasmontr.dll function = InitHelperDll, address_out = 0x7fef83bcf70 True 1
Fn
Get Address c:\windows\system32\nshwfp.dll function = InitHelperDll, address_out = 0x7fef401b6d0 True 1
Fn
Get Address c:\windows\system32\dhcpcmonitor.dll function = InitHelperDll, address_out = 0x7fef82d1a40 True 1
Fn
Get Address c:\windows\system32\wshelper.dll function = InitHelperDll, address_out = 0x7fef7ab1720 True 1
Fn
Get Address c:\windows\system32\nshhttp.dll function = InitHelperDll, address_out = 0x7fef7aa1c24 True 1
Fn
Get Address c:\windows\system32\fwcfg.dll function = InitHelperDll, address_out = 0x7fef7a72d20 True 1
Fn
Get Address c:\windows\system32\authfwcfg.dll function = InitHelperDll, address_out = 0x7fef4325d20 True 1
Fn
Get Address c:\windows\system32\ifmon.dll function = InitHelperDll, address_out = 0x7fef43b1924 True 1
Fn
Get Address c:\windows\system32\netiohlp.dll function = InitHelperDll, address_out = 0x7fef3f8ce30 True 1
Fn
Get Address c:\windows\system32\whhelper.dll function = InitHelperDll, address_out = 0x7fef431210c True 1
Fn
Get Address c:\windows\system32\hnetmon.dll function = InitHelperDll, address_out = 0x7fef3f622a4 True 1
Fn
Get Address c:\windows\system32\rpcnsh.dll function = InitHelperDll, address_out = 0x7fef3f52e88 True 1
Fn
Get Address c:\windows\system32\dot3cfg.dll function = InitHelperDll, address_out = 0x7fef3f3390c True 1
Fn
Get Address c:\windows\system32\napmontr.dll function = InitHelperDll, address_out = 0x7fef3bb048c True 1
Fn
Get Address c:\windows\system32\nshipsec.dll function = InitHelperDll, address_out = 0x7fef3aa6230 True 1
Fn
Get Address c:\windows\system32\nettrace.dll function = InitHelperDll, address_out = 0x7fef3947360 True 1
Fn
Get Address c:\windows\system32\wcnnetsh.dll function = InitHelperDll, address_out = 0x7fef38b28e4 True 1
Fn
Get Address c:\windows\system32\p2pnetsh.dll function = InitHelperDll, address_out = 0x7fef3885568 True 1
Fn
Get Address c:\windows\system32\wwancfg.dll function = InitHelperDll, address_out = 0x7fef37820c8 True 1
Fn
Get Address c:\windows\system32\wlancfg.dll function = InitHelperDll, address_out = 0x7fef362613c True 1
Fn
Get Address c:\windows\system32\peerdistsh.dll function = InitHelperDll, address_out = 0x7fef35ae69c True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76b26d40 True 1
Fn
System (14)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 449, y_out = 294 True 1
Fn
Get Time type = System Time, time = 2019-04-12 12:29:47 (UTC) True 2
Fn
Get Time type = Ticks, time = 86471 True 1
Fn
Get Time type = Performance Ctr, time = 13825158366 True 1
Fn
Get Time type = Ticks, time = 86502 True 1
Fn
Get Info type = Operating System True 6
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Get Info type = Operating System True 1
Fn
Process #24: wmic.exe
163 0
»
Information Value
ID #24
File Name c:\windows\system32\wbem\wmic.exe
Command Line wmic shadowcopy delete
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:28, Reason: Child Process
Unmonitor End Time: 00:03:33, Reason: Self Terminated
Monitor Duration 00:00:05
OS Process Information
»
Information Value
PID 0x218
Parent PID 0x698 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 628
0x 658
0x 118
0x 3CC
0x 6B4
0x 760
Host Behavior
COM (6)
»
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F6D90F12-9C73-11D3-B32E-00C04F990BB4 2933BF95-7B36-11D2-B20E-00C04F983E60 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli\ms_409 True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\XDUWTFONO\ROOT\CIMV2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy True 1
Fn
Registry (5)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging, data = 48 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory, data = 37 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Log File Max Size, data = 54 True 1
Fn
Module (3)
»
Operation Module Additional Information Success Count Logfile
Load C:\Windows\system32\kernel32.dll base_address = 0x76b10000 True 1
Fn
Get Handle c:\windows\system32\wbem\wmic.exe base_address = 0xff440000 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76b26d40 True 1
Fn
System (7)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Get Time type = System Time, time = 2019-04-12 12:30:21 (UTC) True 1
Fn
Get Time type = Ticks, time = 121290 True 1
Fn
Get Time type = Performance Ctr, time = 17322662161 True 1
Fn
Get Time type = Local Time, time = 2019-04-12 22:30:23 (Local Time) True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Process #27: bcdedit.exe
0 0
»
Information Value
ID #27
File Name c:\windows\system32\bcdedit.exe
Command Line bcdedit /set {default} bootstatuspolicy ignoreallfailures
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:32, Reason: Child Process
Unmonitor End Time: 00:03:34, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xc0
Parent PID 0x698 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 498
Process #28: mshta.exe
496 0
»
Information Value
ID #28
File Name c:\windows\syswow64\mshta.exe
Command Line "C:\Windows\SysWOW64\mshta.exe" "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\info.hta"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:33, Reason: Child Process
Unmonitor End Time: 00:03:52, Reason: Terminated by Timeout
Monitor Duration 00:00:19
OS Process Information
»
Information Value
PID 0x380
Parent PID 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 390
0x 31C
0x 330
0x 760
0x 6B4
0x 628
0x 738
Host Behavior
COM (6)
»
Operation Class Interface Additional Information Success Count Logfile
Create 3050F5C8-98B5-11CF-BB82-00AA00BDCE0B 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 50D5107A-D278-4871-8989-F4CEAAF59CFC 08C0E040-62D1-11D1-9326-0060B067B86E cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD True 1
Fn
Create 275C23E2-3747-11D0-9FEA-00AA003F8646 DCCFC164-2B38-11D2-B7EC-00C04F8F5D9A cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F414C260-6AC0-11CF-B6D1-00AA00BBBB58 BB1A2AE1-A4F9-11CF-8F20-00805F2CD064 cls_context = CLSCTX_INPROC_SERVER False 1
Fn
Create 6C736DB1-BD94-11D0-8A23-00AA00B58E10 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 3C374A40-BAE4-11CF-BF7D-00AA006946EE 3C374A41-BAE4-11CF-BF7D-00AA006946EE cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File (6)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT type = size True 1
Fn
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Open Mapping #MSHTML#PERF#00000380 desired_access = FILE_MAP_WRITE False 1
Fn
Registry (116)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 6
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 8
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 8
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 6
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG - True 1
Fn
Read Value HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 data = C:\Windows\SysWOW64\mshtml.dll, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer value_name = NoFileMenu, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup value_name = Print_Background False 1
Fn
Module (115)
»
Operation Module Additional Information Success Count Logfile
Load C:\Windows\SysWOW64\mshtml.dll base_address = 0x73f40000 True 1
Fn
Load comctl32.dll base_address = 0x74720000 True 1
Fn
Load OLEAUT32.dll base_address = 0x76340000 True 1
Fn
Load mshtml.dll base_address = 0x73f40000 True 2
Fn
Load kernel32.dll base_address = 0x76180000 True 1
Fn
Load ieframe.dll base_address = 0x71da0000 True 2
Fn
Load oleaut32.dll base_address = 0x76340000 True 1
Fn
Load SHELL32.dll base_address = 0x75450000 True 1
Fn
Load ADVAPI32.dll base_address = 0x763d0000 True 1
Fn
Load ImgUtil.dll base_address = 0x73d40000 True 1
Fn
Get Handle c:\windows\syswow64\mshta.exe base_address = 0xb40000 True 2
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76180000 True 5
Fn
Get Handle c:\windows\syswow64\kernelbase.dll base_address = 0x750a0000 True 26
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x763d0000 True 1
Fn
Get Handle EXPLORER.EXE base_address = 0x0 False 1
Fn
Get Handle IEXPLORE.EXE base_address = 0x0 False 1
Fn
Get Filename - process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 True 4
Fn
Get Filename C:\Windows\SysWOW64\mshtml.dll process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshtml.dll, size = 260 True 1
Fn
Get Filename c:\windows\syswow64\mshta.exe process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 True 1
Fn
Get Filename IEXPLORE.EXE process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76194f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76191252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76194208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7619359f True 1
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = EncodePointer, address_out = 0x76f50fcb True 9
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = DecodePointer, address_out = 0x76f49d35 True 17
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = InitializeCriticalSectionAndSpinCount, address_out = 0x750b004f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapSetInformation, address_out = 0x76195651 True 2
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventWrite, address_out = 0x76f70c59 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventRegister, address_out = 0x76f4f6ba True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventUnregister, address_out = 0x76f69241 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = RegisterApplicationRestart, address_out = 0x761bb53c True 1
Fn
Get Address c:\windows\syswow64\mshtml.dll function = RunHTMLApplication, address_out = 0x73f9e710 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeSRWLock, address_out = 0x76f48456 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = AcquireSRWLockExclusive, address_out = 0x76f429f1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = AcquireSRWLockShared, address_out = 0x76f42560 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReleaseSRWLockExclusive, address_out = 0x76f429ab True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReleaseSRWLockShared, address_out = 0x76f425a9 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 6, address_out = 0x76343e59 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 7, address_out = 0x76344680 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 8, address_out = 0x76343ed5 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetThreadUILanguage, address_out = 0x761bcf14 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 2, address_out = 0x76344642 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VariantClear, address_out = 0x76343eae True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = ExtractIconW, address_out = 0x7555dd1c True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegisterTraceGuidsA, address_out = 0x76f7848f True 2
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegOpenKeyExA, address_out = 0x763e4907 True 1
Fn
Get Address c:\windows\syswow64\imgutil.dll function = DecodeImage, address_out = 0x73d421a5 True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = SHGetFolderPathW, address_out = 0x754d5708 True 1
Fn
Get Address c:\windows\syswow64\imgutil.dll function = CreateDDrawSurfaceOnDIB, address_out = 0x73d429ad True 1
Fn
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 16 True 1
Fn
Create Mapping C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Map - process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_ALL_ACCESS True 1
Fn
Window (8)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 True 1
Fn
Create - class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 True 1
Fn
Create - wndproc_parameter = 0 True 1
Fn
Create - wndproc_parameter = 4856120 True 1
Fn
Set Attribute - class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 True 1
Fn
Set Attribute - index = -21, new_long = 4856120 False 1
Fn
Set Attribute - class_name = HTML Application Host Window Class, index = -16, new_long = 13041664 True 1
Fn
Set Attribute - class_name = HTML Application Host Window Class, index = -20, new_long = 262144 True 1
Fn
Keyboard (38)
»
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID True 2
Fn
Read virtual_key_code = VK_SHIFT, result_out = 0 True 6
Fn
Read virtual_key_code = VK_CONTROL, result_out = 0 True 6
Fn
Read virtual_key_code = VK_MENU, result_out = 0 True 6
Fn
Read virtual_key_code = VK_LSHIFT, result_out = 0 True 3
Fn
Read virtual_key_code = VK_LCONTROL, result_out = 0 True 3
Fn
Read virtual_key_code = VK_LMENU, result_out = 0 True 3
Fn
Read virtual_key_code = VK_LBUTTON, result_out = 0 True 3
Fn
Read virtual_key_code = VK_RBUTTON, result_out = 0 True 3
Fn
Read virtual_key_code = VK_MBUTTON, result_out = 0 True 3
Fn
System (64)
»
Operation Additional Information Success Count Logfile
Get window text window_text = 4319656 False 1
Fn
Get window text window_text = 4310928 True 1
Fn
Get Cursor x_out = 751, y_out = 143 True 1
Fn
Get Cursor x_out = 449, y_out = 50 True 4
Fn
Sleep duration = 100 milliseconds (0.100 seconds) True 3
Fn
Get Time type = System Time, time = 2019-04-12 12:30:24 (UTC) True 1
Fn
Get Time type = Ticks, time = 124223 True 1
Fn
Get Time type = Performance Ctr, time = 17813036530 True 1
Fn
Get Time type = Ticks, time = 131540 True 1
Fn
Get Time type = Ticks, time = 132678 True 1
Fn
Get Time type = Ticks, time = 132694 True 1
Fn
Get Time type = Ticks, time = 132710 True 2
Fn
Get Time type = Ticks, time = 132741 True 1
Fn
Get Time type = Ticks, time = 133396 True 1
Fn
Get Time type = Ticks, time = 133599 True 1
Fn
Get Time type = Ticks, time = 133630 True 5
Fn
Get Time type = Ticks, time = 134098 True 3
Fn
Get Time type = Ticks, time = 134332 True 3
Fn
Get Time type = Ticks, time = 134348 True 3
Fn
Get Time type = Ticks, time = 134410 True 2
Fn
Get Time type = Ticks, time = 135065 True 4
Fn
Get Time type = Ticks, time = 135143 True 6
Fn
Get Info type = Operating System True 6
Fn
Get Info type = Operating System True 4
Fn
Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
Get Info - True 6
Fn
Mutex (2)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Local\!PrivacIE!SharedMemory!Mutex True 1
Fn
Release - True 1
Fn
Environment (2)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Get Environment String name = JS_PROFILER False 1
Fn
Ini (5)
»
Operation Filename Additional Information Success Count Logfile
Read Win.ini section_name = windows, key_name = DragDelay, default_value = 20, data_out = 20 True 1
Fn
Read Win.ini section_name = windows, key_name = DragScrollInset, default_value = 11, data_out = 11 True 1
Fn
Read Win.ini section_name = windows, key_name = DragScrollDelay, default_value = 50, data_out = 50 True 1
Fn
Read Win.ini section_name = windows, key_name = DragDelay, default_value = 200, data_out = 200 True 1
Fn
Read Win.ini section_name = windows, key_name = DragScrollInterval, default_value = 50, data_out = 50 True 1
Fn
Process #29: bcdedit.exe
0 0
»
Information Value
ID #29
File Name c:\windows\system32\bcdedit.exe
Command Line bcdedit /set {default} recoveryenabled no
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:33, Reason: Child Process
Unmonitor End Time: 00:03:34, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x440
Parent PID 0x698 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 738
Process #30: mshta.exe
489 0
»
Information Value
ID #30
File Name c:\windows\syswow64\mshta.exe
Command Line "C:\Windows\SysWOW64\mshta.exe" "C:\users\public\desktop\info.hta"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:33, Reason: Child Process
Unmonitor End Time: 00:03:52, Reason: Terminated by Timeout
Monitor Duration 00:00:18
OS Process Information
»
Information Value
PID 0x774
Parent PID 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x C4
0x 710
0x 5BC
0x 494
0x 658
0x 118
0x 29C
Host Behavior
COM (6)
»
Operation Class Interface Additional Information Success Count Logfile
Create 3050F5C8-98B5-11CF-BB82-00AA00BDCE0B 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 50D5107A-D278-4871-8989-F4CEAAF59CFC 08C0E040-62D1-11D1-9326-0060B067B86E cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD True 1
Fn
Create 275C23E2-3747-11D0-9FEA-00AA003F8646 DCCFC164-2B38-11D2-B7EC-00C04F8F5D9A cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F414C260-6AC0-11CF-B6D1-00AA00BBBB58 BB1A2AE1-A4F9-11CF-8F20-00805F2CD064 cls_context = CLSCTX_INPROC_SERVER False 1
Fn
Create 6C736DB1-BD94-11D0-8A23-00AA00B58E10 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 3C374A40-BAE4-11CF-BF7D-00AA006946EE 3C374A41-BAE4-11CF-BF7D-00AA006946EE cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File (4)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Open Mapping #MSHTML#PERF#00000774 desired_access = FILE_MAP_WRITE False 1
Fn
Registry (116)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 6
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 8
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 8
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 6
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG - True 1
Fn
Read Value HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 data = C:\Windows\SysWOW64\mshtml.dll, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer value_name = NoFileMenu, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup value_name = Print_Background False 1
Fn
Module (114)
»
Operation Module Additional Information Success Count Logfile
Load C:\Windows\SysWOW64\mshtml.dll base_address = 0x73f40000 True 1
Fn
Load comctl32.dll base_address = 0x74720000 True 1
Fn
Load OLEAUT32.dll base_address = 0x76340000 True 1
Fn
Load mshtml.dll base_address = 0x73f40000 True 2
Fn
Load OLEACC.DLL base_address = 0x73eb0000 True 1
Fn
Load kernel32.dll base_address = 0x76180000 True 1
Fn
Load ieframe.dll base_address = 0x71da0000 True 2
Fn
Load oleaut32.dll base_address = 0x76340000 True 1
Fn
Load SHELL32.dll base_address = 0x75450000 True 1
Fn
Load ADVAPI32.dll base_address = 0x763d0000 True 1
Fn
Load ImgUtil.dll base_address = 0x73d40000 True 1
Fn
Get Handle c:\windows\syswow64\mshta.exe base_address = 0xb40000 True 2
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76180000 True 5
Fn
Get Handle c:\windows\syswow64\kernelbase.dll base_address = 0x750a0000 True 26
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x763d0000 True 1
Fn
Get Handle EXPLORER.EXE base_address = 0x0 False 1
Fn
Get Handle IEXPLORE.EXE base_address = 0x0 False 1
Fn
Get Filename - process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 True 4
Fn
Get Filename C:\Windows\SysWOW64\mshtml.dll process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshtml.dll, size = 260 True 1
Fn
Get Filename c:\windows\syswow64\mshta.exe process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 True 1
Fn
Get Filename IEXPLORE.EXE process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76194f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76191252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76194208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7619359f True 1
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = EncodePointer, address_out = 0x76f50fcb True 9
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = DecodePointer, address_out = 0x76f49d35 True 17
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = InitializeCriticalSectionAndSpinCount, address_out = 0x750b004f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapSetInformation, address_out = 0x76195651 True 2
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventWrite, address_out = 0x76f70c59 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventRegister, address_out = 0x76f4f6ba True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventUnregister, address_out = 0x76f69241 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = RegisterApplicationRestart, address_out = 0x761bb53c True 1
Fn
Get Address c:\windows\syswow64\mshtml.dll function = RunHTMLApplication, address_out = 0x73f9e710 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeSRWLock, address_out = 0x76f48456 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = AcquireSRWLockExclusive, address_out = 0x76f429f1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = AcquireSRWLockShared, address_out = 0x76f42560 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReleaseSRWLockExclusive, address_out = 0x76f429ab True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReleaseSRWLockShared, address_out = 0x76f425a9 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 6, address_out = 0x76343e59 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 7, address_out = 0x76344680 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 8, address_out = 0x76343ed5 True 1
Fn
Get Address c:\windows\syswow64\oleacc.dll function = LresultFromObject, address_out = 0x73eb2663 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetThreadUILanguage, address_out = 0x761bcf14 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 2, address_out = 0x76344642 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VariantClear, address_out = 0x76343eae True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = ExtractIconW, address_out = 0x7555dd1c True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegisterTraceGuidsA, address_out = 0x76f7848f True 2
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegOpenKeyExA, address_out = 0x763e4907 True 1
Fn
Get Address c:\windows\syswow64\imgutil.dll function = DecodeImage, address_out = 0x73d421a5 True 1
Fn
Get Address c:\windows\syswow64\imgutil.dll function = CreateDDrawSurfaceOnDIB, address_out = 0x73d429ad True 1
Fn
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 16 True 1
Fn
Map - process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Window (8)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 True 1
Fn
Create - class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 True 1
Fn
Create - wndproc_parameter = 0 True 1
Fn
Create - wndproc_parameter = 5513080 True 1
Fn
Set Attribute - class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 True 1
Fn
Set Attribute - index = -21, new_long = 5513080 False 1
Fn
Set Attribute - class_name = HTML Application Host Window Class, index = -16, new_long = 13041664 True 1
Fn
Set Attribute - class_name = HTML Application Host Window Class, index = -20, new_long = 262144 True 1
Fn
Keyboard (38)
»
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID True 2
Fn
Read virtual_key_code = VK_SHIFT, result_out = 0 True 6
Fn
Read virtual_key_code = VK_CONTROL, result_out = 0 True 6
Fn
Read virtual_key_code = VK_MENU, result_out = 0 True 6
Fn
Read virtual_key_code = VK_LSHIFT, result_out = 0 True 3
Fn
Read virtual_key_code = VK_LCONTROL, result_out = 0 True 3
Fn
Read virtual_key_code = VK_LMENU, result_out = 0 True 3
Fn
Read virtual_key_code = VK_LBUTTON, result_out = 0 True 3
Fn
Read virtual_key_code = VK_RBUTTON, result_out = 0 True 3
Fn
Read virtual_key_code = VK_MBUTTON, result_out = 0 True 3
Fn
System (64)
»
Operation Additional Information Success Count Logfile
Get window text window_text = 1369472 False 1
Fn
Get window text window_text = 1360744 True 1
Fn
Get Cursor x_out = 751, y_out = 143 True 1
Fn
Get Cursor x_out = 449, y_out = 50 True 4
Fn
Sleep duration = 100 milliseconds (0.100 seconds) True 3
Fn
Get Time type = System Time, time = 2019-04-12 12:30:25 (UTC) True 1
Fn
Get Time type = Ticks, time = 124488 True 1
Fn
Get Time type = Performance Ctr, time = 17838602811 True 1
Fn
Get Time type = Ticks, time = 131555 True 1
Fn
Get Time type = Ticks, time = 132694 True 2
Fn
Get Time type = Ticks, time = 132710 True 2
Fn
Get Time type = Ticks, time = 132741 True 1
Fn
Get Time type = Ticks, time = 133380 True 1
Fn
Get Time type = Ticks, time = 133583 True 1
Fn
Get Time type = Ticks, time = 133614 True 5
Fn
Get Time type = Ticks, time = 134098 True 3
Fn
Get Time type = Ticks, time = 134301 True 1
Fn
Get Time type = Ticks, time = 134316 True 1
Fn
Get Time type = Ticks, time = 134519 True 4
Fn
Get Time type = Ticks, time = 134550 True 2
Fn
Get Time type = Ticks, time = 135050 True 4
Fn
Get Time type = Ticks, time = 135112 True 6
Fn
Get Info type = Operating System True 6
Fn
Get Info type = Operating System True 4
Fn
Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
Get Info - True 6
Fn
Mutex (1)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Local\!PrivacIE!SharedMemory!Mutex True 1
Fn
Environment (2)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Get Environment String name = JS_PROFILER False 1
Fn
Ini (5)
»
Operation Filename Additional Information Success Count Logfile
Read Win.ini section_name = windows, key_name = DragDelay, default_value = 20, data_out = 20 True 1
Fn
Read Win.ini section_name = windows, key_name = DragScrollInset, default_value = 11, data_out = 11 True 1
Fn
Read Win.ini section_name = windows, key_name = DragScrollDelay, default_value = 50, data_out = 50 True 1
Fn
Read Win.ini section_name = windows, key_name = DragDelay, default_value = 200, data_out = 200 True 1
Fn
Read Win.ini section_name = windows, key_name = DragScrollInterval, default_value = 50, data_out = 50 True 1
Fn
Process #31: mshta.exe
487 0
»
Information Value
ID #31
File Name c:\windows\syswow64\mshta.exe
Command Line "C:\Windows\SysWOW64\mshta.exe" "C:\info.hta"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:42, Reason: Child Process
Unmonitor End Time: 00:03:52, Reason: Terminated by Timeout
Monitor Duration 00:00:10
OS Process Information
»
Information Value
PID 0x124
Parent PID 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 36C
0x 6F0
0x 354
0x 684
0x 630
0x 3CC
0x 498
Host Behavior
COM (6)
»
Operation Class Interface Additional Information Success Count Logfile
Create 3050F5C8-98B5-11CF-BB82-00AA00BDCE0B 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 50D5107A-D278-4871-8989-F4CEAAF59CFC 08C0E040-62D1-11D1-9326-0060B067B86E cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD True 1
Fn
Create 275C23E2-3747-11D0-9FEA-00AA003F8646 DCCFC164-2B38-11D2-B7EC-00C04F8F5D9A cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F414C260-6AC0-11CF-B6D1-00AA00BBBB58 BB1A2AE1-A4F9-11CF-8F20-00805F2CD064 cls_context = CLSCTX_INPROC_SERVER False 1
Fn
Create 6C736DB1-BD94-11D0-8A23-00AA00B58E10 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create 3C374A40-BAE4-11CF-BF7D-00AA006946EE 3C374A41-BAE4-11CF-BF7D-00AA006946EE cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File (4)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Open Mapping #MSHTML#PERF#00000124 desired_access = FILE_MAP_WRITE False 1
Fn
Registry (116)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 6
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 8
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 8
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 6
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 2
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG - True 1
Fn
Read Value HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 data = C:\Windows\SysWOW64\mshtml.dll, type = REG_SZ True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer value_name = NoFileMenu, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup value_name = Print_Background False 1
Fn
Module (112)
»
Operation Module Additional Information Success Count Logfile
Load C:\Windows\SysWOW64\mshtml.dll base_address = 0x73f40000 True 1
Fn
Load comctl32.dll base_address = 0x74720000 True 1
Fn
Load OLEAUT32.dll base_address = 0x76340000 True 1
Fn
Load mshtml.dll base_address = 0x73f40000 True 2
Fn
Load kernel32.dll base_address = 0x76180000 True 1
Fn
Load ieframe.dll base_address = 0x71da0000 True 2
Fn
Load oleaut32.dll base_address = 0x76340000 True 1
Fn
Load SHELL32.dll base_address = 0x75450000 True 1
Fn
Load ADVAPI32.dll base_address = 0x763d0000 True 1
Fn
Load ImgUtil.dll base_address = 0x73d40000 True 1
Fn
Get Handle c:\windows\syswow64\mshta.exe base_address = 0xb40000 True 2
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76180000 True 5
Fn
Get Handle c:\windows\syswow64\kernelbase.dll base_address = 0x750a0000 True 26
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x763d0000 True 1
Fn
Get Handle EXPLORER.EXE base_address = 0x0 False 1
Fn
Get Handle IEXPLORE.EXE base_address = 0x0 False 1
Fn
Get Filename - process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 True 4
Fn
Get Filename C:\Windows\SysWOW64\mshtml.dll process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshtml.dll, size = 260 True 1
Fn
Get Filename c:\windows\syswow64\mshta.exe process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 True 1
Fn
Get Filename IEXPLORE.EXE process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76194f2b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76191252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76194208 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7619359f True 1
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = EncodePointer, address_out = 0x76f50fcb True 9
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = DecodePointer, address_out = 0x76f49d35 True 17
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = InitializeCriticalSectionAndSpinCount, address_out = 0x750b004f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapSetInformation, address_out = 0x76195651 True 2
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventWrite, address_out = 0x76f70c59 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventRegister, address_out = 0x76f4f6ba True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventUnregister, address_out = 0x76f69241 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = RegisterApplicationRestart, address_out = 0x761bb53c True 1
Fn
Get Address c:\windows\syswow64\mshtml.dll function = RunHTMLApplication, address_out = 0x73f9e710 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeSRWLock, address_out = 0x76f48456 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = AcquireSRWLockExclusive, address_out = 0x76f429f1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = AcquireSRWLockShared, address_out = 0x76f42560 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReleaseSRWLockExclusive, address_out = 0x76f429ab True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReleaseSRWLockShared, address_out = 0x76f425a9 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 6, address_out = 0x76343e59 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 7, address_out = 0x76344680 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 8, address_out = 0x76343ed5 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetThreadUILanguage, address_out = 0x761bcf14 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = 2, address_out = 0x76344642 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VariantClear, address_out = 0x76343eae True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = ExtractIconW, address_out = 0x7555dd1c True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegisterTraceGuidsA, address_out = 0x76f7848f True 2
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegOpenKeyExA, address_out = 0x763e4907 True 1
Fn
Get Address c:\windows\syswow64\imgutil.dll function = DecodeImage, address_out = 0x73d421a5 True 1
Fn
Get Address c:\windows\syswow64\imgutil.dll function = CreateDDrawSurfaceOnDIB, address_out = 0x73d429ad True 1
Fn
Create Mapping - filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 16 True 1
Fn
Map - process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Window (8)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 True 1
Fn
Create - class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 True 1
Fn
Create - wndproc_parameter = 0 True 1
Fn
Create - wndproc_parameter = 6035024 True 1
Fn
Set Attribute - class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 True 1
Fn
Set Attribute - index = -21, new_long = 6035024 False 1
Fn
Set Attribute - class_name = HTML Application Host Window Class, index = -16, new_long = 13041664 True 1
Fn
Set Attribute - class_name = HTML Application Host Window Class, index = -20, new_long = 262144 True 1
Fn
Keyboard (38)
»
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID True 2
Fn
Read virtual_key_code = VK_SHIFT, result_out = 0 True 6
Fn
Read virtual_key_code = VK_CONTROL, result_out = 0 True 6
Fn
Read virtual_key_code = VK_MENU, result_out = 0 True 6
Fn
Read virtual_key_code = VK_LSHIFT, result_out = 0 True 3
Fn
Read virtual_key_code = VK_LCONTROL, result_out = 0 True 3
Fn
Read virtual_key_code = VK_LMENU, result_out = 0 True 3
Fn
Read virtual_key_code = VK_LBUTTON, result_out = 0 True 3
Fn
Read virtual_key_code = VK_RBUTTON, result_out = 0 True 3
Fn
Read virtual_key_code = VK_MBUTTON, result_out = 0 True 3
Fn
System (64)
»
Operation Additional Information Success Count Logfile
Get window text window_text = 2025456 False 1
Fn
Get window text window_text = 2016728 True 1
Fn
Get Cursor x_out = 751, y_out = 143 True 1
Fn
Get Cursor x_out = 449, y_out = 50 True 4
Fn
Sleep duration = 100 milliseconds (0.100 seconds) True 3
Fn
Get Time type = System Time, time = 2019-04-12 12:30:30 (UTC) True 1
Fn
Get Time type = Ticks, time = 129714 True 1
Fn
Get Time type = Performance Ctr, time = 18665518959 True 1
Fn
Get Time type = Ticks, time = 131540 True 1
Fn
Get Time type = Ticks, time = 132678 True 1
Fn
Get Time type = Ticks, time = 132710 True 3
Fn
Get Time type = Ticks, time = 132741 True 1
Fn
Get Time type = Ticks, time = 133380 True 1
Fn
Get Time type = Ticks, time = 133599 True 1
Fn
Get Time type = Ticks, time = 133614 True 5
Fn
Get Time type = Ticks, time = 134098 True 3
Fn
Get Time type = Ticks, time = 134285 True 2
Fn
Get Time type = Ticks, time = 134301 True 4
Fn
Get Time type = Ticks, time = 134410 True 1
Fn
Get Time type = Ticks, time = 134426 True 1
Fn
Get Time type = Ticks, time = 135050 True 4
Fn
Get Time type = Ticks, time = 135143 True 3
Fn
Get Time type = Ticks, time = 135159 True 3
Fn
Get Info type = Operating System True 6
Fn
Get Info type = Operating System True 4
Fn
Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
Get Info - True 6
Fn
Mutex (1)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Local\!PrivacIE!SharedMemory!Mutex True 1
Fn
Environment (2)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Get Environment String name = JS_PROFILER False 1
Fn
Ini (5)
»
Operation Filename Additional Information Success Count Logfile
Read Win.ini section_name = windows, key_name = DragDelay, default_value = 20, data_out = 20 True 1
Fn
Read Win.ini section_name = windows, key_name = DragScrollInset, default_value = 11, data_out = 11 True 1
Fn
Read Win.ini section_name = windows, key_name = DragScrollDelay, default_value = 50, data_out = 50 True 1
Fn
Read Win.ini section_name = windows, key_name = DragDelay, default_value = 200, data_out = 200 True 1
Fn
Read Win.ini section_name = windows, key_name = DragScrollInterval, default_value = 50, data_out = 50 True 1
Fn
Process #32: cmd.exe
586 0
»
Information Value
ID #32
File Name c:\windows\system32\cmd.exe
Command Line "C:\Windows\system32\cmd.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:42, Reason: Child Process
Unmonitor End Time: 00:03:52, Reason: Terminated by Timeout
Monitor Duration 00:00:10
OS Process Information
»
Information Value
PID 0x538
Parent PID 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 5DC
Host Behavior
File (493)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Windows\system32 type = file_attributes True 1
Fn
Get Info C:\Windows\System32 type = file_attributes True 1
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 19
Fn
Get Info STD_INPUT_HANDLE type = file_type True 10
Fn
Open STD_OUTPUT_HANDLE - True 47
Fn
Open STD_INPUT_HANDLE - True 208
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 188
Fn
Data
Read STD_INPUT_HANDLE size = 1 False 1
Fn
Write STD_OUTPUT_HANDLE size = 36 True 2
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 7
Fn
Data
Write STD_OUTPUT_HANDLE size = 63 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 20 True 5
Fn
Data
Write STD_OUTPUT_HANDLE size = 23 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 58 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 42 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 24, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (8)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\vssadmin.exe os_pid = 0x6e8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\Windows\System32\Wbem\WMIC.exe os_pid = 0xcc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\Windows\system32\bcdedit.exe os_pid = 0xec, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\Windows\system32\bcdedit.exe os_pid = 0x7f0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\Windows\system32\vssadmin.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\Windows\System32\Wbem\WMIC.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\Windows\system32\bcdedit.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\Windows\system32\bcdedit.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (4)
»
Operation Process Additional Information Success Count Logfile
Read C:\Windows\system32\vssadmin.exe address = 8796092874752, size = 896 True 1
Fn
Data
Read C:\Windows\System32\Wbem\WMIC.exe address = 8796092850176, size = 896 True 1
Fn
Data
Read C:\Windows\system32\bcdedit.exe address = 8796092870656, size = 896 True 1
Fn
Data
Read C:\Windows\system32\bcdedit.exe address = 8796092850176, size = 896 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x76d30000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x4ab10000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x76b10000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76b26d40 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x76b223d0 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x76b18290 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x76b217e0 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x76d814a0 True 1
Fn
System (4)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-04-12 12:30:30 (UTC) True 1
Fn
Get Time type = Ticks, time = 130026 True 1
Fn
Get Time type = Performance Ctr, time = 18696536533 True 1
Fn
Get Info type = Operating System True 1
Fn
Environment (48)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 16
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 5
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 5
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 5
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Windows\System32 True 1
Fn
Set Environment String name = COPYCMD True 4
Fn
Set Environment String name = =ExitCode, value = 00000001 True 1
Fn
Set Environment String name = =ExitCodeAscii True 4
Fn
Set Environment String name = =ExitCode, value = 00000000 True 3
Fn
Process #33: vssadmin.exe
0 0
»
Information Value
ID #33
File Name c:\windows\system32\vssadmin.exe
Command Line vssadmin delete shadows /all /quiet
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:42, Reason: Child Process
Unmonitor End Time: 00:03:43, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x6e8
Parent PID 0x538 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 434
0x 7AC
0x 7B4
0x 7D4
0x 158
Process #34: wmic.exe
163 0
»
Information Value
ID #34
File Name c:\windows\system32\wbem\wmic.exe
Command Line wmic shadowcopy delete
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:42, Reason: Child Process
Unmonitor End Time: 00:03:44, Reason: Self Terminated
Monitor Duration 00:00:01
OS Process Information
»
Information Value
PID 0xcc
Parent PID 0x538 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D0
0x D4
0x D8
0x DC
0x E0
0x E4
Host Behavior
COM (6)
»
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F6D90F12-9C73-11D3-B32E-00C04F990BB4 2933BF95-7B36-11D2-B20E-00C04F983E60 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli\ms_409 True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\XDUWTFONO\ROOT\CIMV2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy True 1
Fn
Registry (5)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging, data = 48 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory, data = 37 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Log File Max Size, data = 54 True 1
Fn
Module (3)
»
Operation Module Additional Information Success Count Logfile
Load C:\Windows\system32\kernel32.dll base_address = 0x76b10000 True 1
Fn
Get Handle c:\windows\system32\wbem\wmic.exe base_address = 0xff0e0000 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76b26d40 True 1
Fn
System (7)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Get Time type = System Time, time = 2019-04-12 12:30:31 (UTC) True 1
Fn
Get Time type = Ticks, time = 130307 True 1
Fn
Get Time type = Performance Ctr, time = 18725477102 True 1
Fn
Get Time type = Local Time, time = 2019-04-12 22:30:31 (Local Time) True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Process #35: bcdedit.exe
0 0
»
Information Value
ID #35
File Name c:\windows\system32\bcdedit.exe
Command Line bcdedit /set {default} bootstatuspolicy ignoreallfailures
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:43, Reason: Child Process
Unmonitor End Time: 00:03:44, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xec
Parent PID 0x538 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 500
Process #36: bcdedit.exe
0 0
»
Information Value
ID #36
File Name c:\windows\system32\bcdedit.exe
Command Line bcdedit /set {default} recoveryenabled no
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:43, Reason: Child Process
Unmonitor End Time: 00:03:44, Reason: Self Terminated
Monitor Duration 00:00:01
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x7f0
Parent PID 0x538 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 5E4
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image