exec.exe
Windows Exe (x86-32)
Created at 2019-04-12T22:27:00
Monitored Processes
Behavior Information - Sequential View
Process #1: exec.exe
344
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:34, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x96c |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
970
0x
97C
0x
980
0x
984
0x
9B0
0x
9B4
0x
A80
0x
A84
0x
A88
0x
AA0
0x
AA4
0x
ABC
0x
AC0
0x
AC4
0x
AC8
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe | 71.00 KB |
MD5:
c499e9350dfd74eba5d15fb183725e61
SHA1: 04a76b08175c51c808e221a614698222e3f983ab SHA256: 3380a59f6277030af31ecab0023af30a4f63e5b4407f1aba4a262c34fce397c9 SSDeep: 1536:1FOPbkyoTwtPto0Rl0DsN9/zLec5oGFACZrqdKBNY33sGD1s0+o:1YPxAwtPtoe/zLaGmCZrqcBS33bD1s9 |
|
|
| \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.38 KB |
MD5:
9225df2aedc2bb5abe903754d4d24da9
SHA1: 1cd7dd667f2524f175007cba9096fba366b4521c SHA256: 6c0abe12004d3603313f3eb38d0457ee772d8884b039ed772a1ee91f72aacabc SSDeep: 6:kScbjxHzDNMBXxeQah5tMA+wA+sHHofy2yblM2czWAMmje+UDMMp4/f3JdUEBp2B:kScbjRzDOhezWIfob2RAG4poJWEBpg |
|
|
| \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 64.25 KB |
MD5:
5e2acb6875a8f96988be702e75e59049
SHA1: 9eeca00540511ad681a58b63b9f206285aa96107 SHA256: 90835b96f778107038a35589389d5657b5e77ee3eeb9c9610f21206e0a723386 SSDeep: 1536:oeWe07qfd/vTMj5OuY8bTMoi8K4cjzH2r+RJMDrZnis:oeWe07qljG5vZf3rRD1nt |
|
|
| \\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 8.25 KB |
MD5:
a6ef1133a17426f563c0c2a1da37c225
SHA1: a6eeced28e03bbcbd8e9c81f893a31d7dd658ec4 SHA256: 1c2d148f6b8c4f0895a55a22732bcde8047eb78e235c76d7173a2fdd39dc7330 SSDeep: 192:KQf5+tXDl5rn/4aX/W4OcqYhT3vGquMVjA9EYqTM0raoq:JfE5rb/48bOcqYdOqVsR |
|
|
Threads
Thread 0x970
63
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 22:27:36 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 106548 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15795443241 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, size = 260 |
|
1 | |
| System | Get Time | type = Ticks, time = 106579 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4200 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4200 |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 9180688, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 9180752, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 196, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 9196824, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, size = 260 |
|
3 | |
| File | Copy | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ |
|
1 | |
| File | Copy | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, destination_filename = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe |
|
1 | |
| File | Copy | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, destination_filename = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, size = 260 |
|
2 |
Thread 0x97c
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4200 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4200 |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4200 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4200 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 |
Thread 0x980
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74d40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CreateProcessWithTokenW, address_out = 0x74d8531f |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, size = 260 |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Create | process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, os_pid = 0x98c, show_window = SW_HIDE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 |
Thread 0x9b0
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, os_pid = 0x9c0, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| File | Write | size = 188 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 |
Thread 0x9b4
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, os_pid = 0x9b8, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| File | Write | size = 91 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 |
Thread 0xa88
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 |
Thread 0xaa0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 |
Thread 0xaa4
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 |
Thread 0xabc
57
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD.LOG1, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, type = size, size_out = 93248 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, type = size, size_out = 90688 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, type = size, size_out = 75344 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\memtest.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, type = size, size_out = 485760 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\memtest.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\memtest.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\memtest.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, type = size, size_out = 90176 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, type = size, size_out = 90192 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, type = size, size_out = 87104 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, type = size, size_out = 70224 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\bootmgr, type = size, size_out = 383786 |
|
1 | |
| File | Get Info | filename = \\?\C:\bootmgr, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\bootmgr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 |
Thread 0xac0
110
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD.LOG2, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, type = size, size_out = 89168 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, type = size, size_out = 87616 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, type = size, size_out = 91712 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 94800 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, type = size, size_out = 85056 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\memtest.exe.mui, type = size, size_out = 43600 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\memtest.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\memtest.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, type = size, size_out = 90192 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, type = size, size_out = 89152 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\chs_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\chs_boot.ttf, type = size, size_out = 3694080 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\chs_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\chs_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\cht_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\cht_boot.ttf, type = size, size_out = 3876772 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\cht_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\cht_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, type = size, size_out = 1984228 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\kor_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\kor_boot.ttf, type = size, size_out = 2371360 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\kor_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\kor_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, type = size, size_out = 47452 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, type = size, size_out = 76352 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, type = size, size_out = 88144 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, type = size, size_out = 89664 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, type = size, size_out = 87616 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, type = size, size_out = 70720 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, type = size, size_out = 70208 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\hiberfil.sys, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 |
Thread 0xac4
46
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = size, size_out = 129 |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, size = 1114368, size_out = 129 |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 144 |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\BOOTSTAT.DAT, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\BOOTSTAT.DAT, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Boot\BOOTSTAT.DAT, size = 1114368, size_out = 65536 |
|
1 | |
| File | Write | filename = \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 65552 |
|
1 | |
| File | Write | filename = \\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Boot\BOOTSTAT.DAT |
|
1 | |
| File | Create | filename = \\?\C:\BOOTSECT.BAK, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\BOOTSECT.BAK, type = size, size_out = 8192 |
|
1 | |
| File | Get Info | filename = \\?\C:\BOOTSECT.BAK, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\BOOTSECT.BAK, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\BOOTSECT.BAK, size = 1114368, size_out = 8192 |
|
1 | |
| File | Write | filename = \\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 8208 |
|
1 | |
| File | Write | filename = \\?\C:\BOOTSECT.BAK.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\BOOTSECT.BAK |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2296 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 |
Thread 0xac8
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD.LOG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, type = size, size_out = 1565 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, size = 1114368 |
|
1 |
Process #2: exec.exe
81
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:38, Reason: Child Process |
| Unmonitor | End Time: 00:01:07, Reason: Self Terminated |
| Monitor Duration | 00:00:28 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x98c |
| Parent PID | 0x96c (c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
990
0x
994
0x
998
0x
99C
0x
9A0
0x
9A4
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe | 71.00 KB |
MD5:
c499e9350dfd74eba5d15fb183725e61
SHA1: 04a76b08175c51c808e221a614698222e3f983ab SHA256: 3380a59f6277030af31ecab0023af30a4f63e5b4407f1aba4a262c34fce397c9 SSDeep: 1536:1FOPbkyoTwtPto0Rl0DsN9/zLec5oGFACZrqdKBNY33sGD1s0+o:1YPxAwtPtoe/zLaGmCZrqcBS33bD1s9 |
|
|
Threads
Thread 0x990
58
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 22:27:37 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 106923 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15870564687 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, size = 260 |
|
1 | |
| System | Get Time | type = Ticks, time = 106969 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4200 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 8853008, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 8853072, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 196, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 8869144, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, size = 260 |
|
3 | |
| File | Copy | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ |
|
1 | |
| File | Copy | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, destination_filename = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe |
|
1 | |
| File | Copy | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, destination_filename = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\exec.exe, size = 260 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0x994
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
2 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 |
Thread 0x99c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 |
Process #3: cmd.exe
298
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:45, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:21 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9b8 |
| Parent PID | 0x96c (c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9BC
|
Threads
Thread 0x9bc
298
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 22:27:42 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 111946 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 16643977667 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a490000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76e30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76e46d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 63 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76e30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x76e423d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76e38290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76e417e0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 38 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 47 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\netsh.exe, os_pid = 0x9f0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Load | module_name = NTDLL.DLL, base_address = 0x76f50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtQueryInformationProcess, address_out = 0x76fa14a0 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\netsh.exe, address = 8796092882944, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 40010004 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 38 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 39 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\netsh.exe, os_pid = 0xaa8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\netsh.exe, address = 8796092887040, size = 896 |
|
1 |
Process #4: cmd.exe
166
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:45, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:21 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9c0 |
| Parent PID | 0x96c (c:\users\5p5nrgjn0js halpmcxz\desktop\exec.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9C4
|
Threads
Thread 0x9c4
166
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 22:27:42 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 111961 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 16645492182 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a490000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76e30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76e46d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 63 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76e30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x76e423d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76e38290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76e417e0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 38 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\vssadmin.exe, os_pid = 0x9e8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Load | module_name = NTDLL.DLL, base_address = 0x76f50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtQueryInformationProcess, address_out = 0x76fa14a0 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\vssadmin.exe, address = 8796092887040, size = 896 |
|
1 |
Process #5: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:46, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9e8 |
| Parent PID | 0x9c0 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9EC
0x
9F8
0x
9FC
0x
A00
0x
A04
|
Process #6: netsh.exe
64
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\system32\netsh.exe |
| Command Line | netsh advfirewall set currentprofile state off |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:46, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9f0 |
| Parent PID | 0x9b8 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9F4
|
Threads
Thread 0x9f4
64
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 22:27:42 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 112320 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 16773394601 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\netsh.exe, base_address = 0x17e0000 |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = RASMONTR.DLL, base_address = 0x7fef8770000 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 22:27:43 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 113428 |
|
1 | |
| Module | Load | module_name = MSVCRT.DLL, base_address = 0x7fefdad0000 |
|
1 | |
| System | Get Info | type = Operating System |
|
6 | |
| System | Get Cursor | x_out = 369, y_out = 550 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\Windows\system32\MFC42u.dll, size = 260 |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\MFC42LOC.DLL, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\rasmontr.dll, function = InitHelperDll, address_out = 0x7fef878cf70 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NSHWFP.DLL, base_address = 0x7fef3610000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nshwfp.dll, function = InitHelperDll, address_out = 0x7fef367b6d0 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = DHCPCMONITOR.DLL, base_address = 0x7fef8840000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\dhcpcmonitor.dll, function = InitHelperDll, address_out = 0x7fef8841a40 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WSHELPER.DLL, base_address = 0x7fef8810000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wshelper.dll, function = InitHelperDll, address_out = 0x7fef8811720 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NSHHTTP.DLL, base_address = 0x7fef8800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nshhttp.dll, function = InitHelperDll, address_out = 0x7fef8801c24 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = FWCFG.DLL, base_address = 0x7fef85f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\fwcfg.dll, function = InitHelperDll, address_out = 0x7fef85f2d20 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = AUTHFWCFG.DLL, base_address = 0x7fef3990000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\authfwcfg.dll, function = InitHelperDll, address_out = 0x7fef3995d20 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = IFMON.DLL, base_address = 0x7fef87e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ifmon.dll, function = InitHelperDll, address_out = 0x7fef87e1924 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NETIOHLP.DLL, base_address = 0x7fef3b80000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\netiohlp.dll, function = InitHelperDll, address_out = 0x7fef3b9ce30 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WHHELPER.DLL, base_address = 0x7fef86e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\whhelper.dll, function = InitHelperDll, address_out = 0x7fef86e210c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = HNETMON.DLL, base_address = 0x7fef8690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\hnetmon.dll, function = InitHelperDll, address_out = 0x7fef86922a4 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = RPCNSH.DLL, base_address = 0x7fef85c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\rpcnsh.dll, function = InitHelperDll, address_out = 0x7fef85c2e88 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = DOT3CFG.DLL, base_address = 0x7fef85a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\dot3cfg.dll, function = InitHelperDll, address_out = 0x7fef85a390c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NAPMONTR.DLL, base_address = 0x7fef35d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\napmontr.dll, function = InitHelperDll, address_out = 0x7fef35e048c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NSHIPSEC.DLL |
|
1 |
Process #7: vssvc.exe
3
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\vssvc.exe |
| Command Line | C:\Windows\system32\vssvc.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:50, Reason: RPC Server |
| Unmonitor | End Time: 00:01:13, Reason: Self Terminated |
| Monitor Duration | 00:00:22 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa08 |
| Parent PID | 0x1cc (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
A1C
0x
A18
0x
A14
0x
A10
0x
A0C
0x
A20
0x
A24
0x
A40
0x
AB0
0x
BC4
|
Threads
Thread 0xa18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 22:27:43 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 113116 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17186780632 |
|
1 |
Process #10: netsh.exe
0
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\netsh.exe |
| Command Line | netsh firewall set opmode mode=disable |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:05, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaa8 |
| Parent PID | 0x9b8 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AB4
0x
AAC
|
Process #12: exec.exe
23
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\appdata\local\exec.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:36, Reason: Autostart |
| Unmonitor | End Time: 00:01:43, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x550 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
554
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| exec.exe | 0x01020000 | 0x01035FFF | Process Termination | - | 32-bit | - |
|
|
|
Threads
Thread 0x554
23
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:28:43 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 22370 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 6594207301 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76194f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76191252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76194208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7619359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 260 |
|
1 | |
| System | Get Time | type = Ticks, time = 24024 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Module | Get Handle | module_name = mscoree.dll, base_address = 0x0 |
|
1 |
Process #13: exec.exe
23
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\appdata\local\exec.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:36, Reason: Autostart |
| Unmonitor | End Time: 00:01:45, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x558 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
55C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| exec.exe | 0x01020000 | 0x01035FFF | Process Termination | - | 32-bit | - |
|
|
|
Threads
Thread 0x55c
23
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:28:43 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 23119 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 6668358649 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76194f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76191252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76194208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7619359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 260 |
|
1 | |
| System | Get Time | type = Ticks, time = 24414 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Module | Get Handle | module_name = mscoree.dll, base_address = 0x0 |
|
1 |
Process #14: exec.exe
2364
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe |
| Command Line | "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:36, Reason: Autostart |
| Unmonitor | End Time: 00:03:52, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:15 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x568 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
56C
0x
5EC
0x
5F8
0x
61C
0x
654
0x
658
0x
66C
0x
71C
0x
720
0x
724
0x
728
0x
784
0x
788
0x
7A8
0x
7AC
0x
7B0
0x
7B4
0x
250
0x
6A0
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 246.27 KB |
MD5:
8402fa4c03819de72b6f6e35e801fa14
SHA1: a038c34491d7a93ad1d1fd1bdd1cdc85ec673860 SHA256: 7245910d3b9a9f1ddedd3e97d0b0d8cd11a679fbf240929d1ebae4283a33ed1e SSDeep: 6144:Ind2msZY+ctXXg5+wQ4b+EwrQ2Gj9ZnGpxje1q7quS:OdT3B4+wQ4bArQ2Gj9ZEte1qWT |
|
|
| \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 17.64 MB |
MD5:
ce759cbb7116fcac171cc306189d0207
SHA1: c05dfa1f2799b67747cd8e0ff58a9c9626ed6206 SHA256: 9a70db9cbed5d899d08bc72720f7b492b3618bb3d95c1c6737433f0f000ced84 SSDeep: 196608:+n680fUIyyPHgvDXadSLsS8nQsiAESlYnwZrja9segf:+ndkUaovsItAynevIu |
|
|
| \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 17.36 MB |
MD5:
419f2a17a6d8369c17ecc156322a4494
SHA1: e3e9ecf51c17ef7270585377d68c2070112faf9d SHA256: 72e5e54b4bb6cbc738d72d210d02ebd46e3dd9ba8ed354d591b3075db498d0c7 SSDeep: 196608:L+vjzyOui6r+Qo4iT6YqQitn+KgxUzGVw9vV+Ud5CP46ZjNK:yrN67xdBtSxUzGVw7+YMggK |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 75.91 KB |
MD5:
e2d5f4afcb58a79248d0070e733b61e8
SHA1: ae0a3298d571cbb5894f0a846c787915c31d75fd SHA256: 73c3634a6a58ccd207797a75aec0cd863d8a4fe872f1c23510e0632a671ccbee SSDeep: 1536:G4MiqOzqQJzfkdv7wWPlTnjmxs/NE4CxLs+MSeU6LCrDy1xn0WHpDko:YBOuQJrILPtjmUERxASeUDWJQo |
|
|
| \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 276.27 KB |
MD5:
b9de4c87a44521748b52be1504c10151
SHA1: 8da2bb212201367dcc07b71005425e2e881b1da5 SHA256: 3f4dadffe7ff578a103aa4f4db63d83112fa886ee56f3de88e775b40ca6d5807 SSDeep: 6144:nlhZ+7gmj/iBiS2UfO6aG2fYyWVL4BGk653sOTjfmU:lhZS9jS2UGJJ/yLM6D/mU |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.28 KB |
MD5:
f38c7a1c54f2d5233aae7e8ab6f2d756
SHA1: 3ff1bdcfa10b295ccea3e7fd706c49ffc1a5f77c SHA256: c0e307dd42addfe1754954ede214e715bc25f835356fbb7ae7cafcda16ed7b59 SSDeep: 6:qdmKJp59bqD+pk/UsGBfNkmVh0vNbFJjNgut41/m4:am6jQ3UBSi+JFJG1+4 |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 106.53 KB |
MD5:
d7a9f4636dab3c79f8c87fbf4d890d7d
SHA1: f83ccb603d20a45649253f2c70a513f21074caa9 SHA256: 7066cd5d668e2b79acdb39dc6c328d8ff4b954393f8e032e22a2c4b8c324842b SSDeep: 3072:Y8VlAsFEWnPxtKdnDmk2cIbku1NUI6SnClGeYhH:1bAsKWPxgD9219/UI6SClGeYd |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.58 KB |
MD5:
08c69be51eacc127601ea469ec0784f5
SHA1: cc53edf2780f2a1054d45c450647b6cff61b8d9f SHA256: 04fd6236733e6da322d9dd2a996bbde4b42ea906831d0916ca8d6bb263929e6a SSDeep: 12:gK+t0cPR7ERWWGlwtQd23XORlm5Q0Ahel75HrI2nmUi+JFJG1+4:gKzrGuhCHBwrLdFU1h |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.41 KB |
MD5:
68bf1f2ee800660818230c0954d866c3
SHA1: 4f6a61639b2ed6c1d936fa6b88ba25d6fef40337 SHA256: 71dc2a0a73867bc0cb5f8158a75cca35e328ac65cc2ccead32a47bee4d0f1210 SSDeep: 24:1SZTcWP37jXBdmhUJ+4U1mO+WiCOZHNHTuMq2a+lOWbex2qyuCN9UyiOpFU1h:1o/vxd4UJbwmO+WiBZtHT7wcE2qy/Qyo |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 34.55 KB |
MD5:
65844b57e3ed2ac6243c6be5b9cc6909
SHA1: 12ba151f40eae66722ccaf459622a0d44d6a7232 SHA256: 966b2a9bcb0045d7e8c9f8ca279921ea7c2f947cc618c96cd74ea438d60456ce SSDeep: 768:1pGRDmmyJStmDS+2SGqUV5OYKNxW9qy06lxZEH0y2l8cZFqT10Cun:jR1nSAGwYr9qy06PImFiCCun |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 52.19 KB |
MD5:
20802f97fad513ef016e52162391a9a4
SHA1: 1b530b3c863cea2a1d17954cfdfea08a66b0f381 SHA256: c85385a42b01931febc82d95046cf88919ccdccb3bb9afea4147aaf857772f8f SSDeep: 1536:nKhvGXBxcha4mmF/q+HUrZ4ruQV54wihDzenfH2:wvrha4LKWRnxAnafW |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 135.47 KB |
MD5:
d8bad940c0b3c09b6f30f4e2ace2852a
SHA1: ce707a36e1dc2a8e22822b70ae4652b6cb1c78d4 SHA256: be59ded9b93f8c068ae74ce332e9f4be5910bbfb9b425ddae5428b6db7bed20d SSDeep: 3072:3n8fbxFhvOvazpV/teQ9j1ibqLi3G/VExYypq:XEbxOvspVFxNTLH/ixYypq |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 5.27 KB |
MD5:
0a20b8a09b7842df1a7f1d79caf260fc
SHA1: 53db0f3a978423e9c2da56e2893084c22b7cad52 SHA256: c378778f019cc4d453fdc4fd8a4eed15ea8200f22262e027cf62e818d80ba356 SSDeep: 96:3FRFC1aKlO9zSxqR4cF3d9SeBzl3XLNuHUkuAF98P7kDKVm:3DFCLgSat9NrNoUkBuBVm |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.39 KB |
MD5:
7f5e934c71367b7cdc6ec4bfd7f9c33f
SHA1: bcd9f3539edd39b9e903ceb66a93e411f10bfe65 SHA256: 790c803e5051d08da2a0712ddfade9921fd2a74f586719310c41b1bb46f8e96e SSDeep: 24:/9EFLa82dw7iaK6ii/1v8OoOiRuEznNM5dl8e56BDbyAnQKDujez:/YGrCMi/1vVoxQEzKdGeYB3yskg |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 64.91 KB |
MD5:
f5cfd21bda5d74ffa7dededd8b1d0896
SHA1: 32a2b50b40514be304b9ca00613f1b34cc17e280 SHA256: 9143ec7819405e86ad7623e941f7106131b9a8ac66d5cca66c68dfc54074e2e7 SSDeep: 1536:Bn4orZVVhIOPUfeshY+gMkm8mVwcKIDwz4txBOjKC4cf:5rZVVhIOxJ9mtTwmBsXpf |
|
|
| \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.86 KB |
MD5:
ef103b4f38fe617ff509644be9ca80ca
SHA1: 9a7bf4ba24aa610c11b0c5fe227cfafdd9635058 SHA256: 5f4375fdc38aceb393eacf8cd0c6942af37155bf48a162a0d2c9687318f9a3e6 SSDeep: 48:4yNunELGTiQAWShW0ibRZGxZU79kXjGUsadQrCI1msN9pldkg:4yNawGTi2xrrGsBkqLaSrf17Pdn |
|
|
Threads
Thread 0x56c
64
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:28:42 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 22183 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 6575364508 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76194f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76191252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76194208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7619359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 |
|
1 | |
| System | Get Time | type = Ticks, time = 23977 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4200 |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 31151536, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 31151600, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 115, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 31151872, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 115, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 |
|
3 | |
| File | Copy | source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ |
|
1 | |
| File | Copy | source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, destination_filename = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe |
|
1 | |
| File | Copy | source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, destination_filename = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0x5ec
241
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
12 |
Thread 0x5f8
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 |
|
1 | |
| Process | Create | process_name = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, show_window = SW_SHOWNORMAL |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x761ad668 |
|
1 |
Thread 0x720
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 |
Thread 0x728
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
12 |
Thread 0x784
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0x788
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0x7a8
623
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD.LOG1, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\BCD.LOG1, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD.LOG2, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\BCD.LOG2, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, type = size, size_out = 89168 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, type = size, size_out = 87616 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, type = size, size_out = 91712 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 94800 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, type = size, size_out = 85056 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\memtest.exe.mui, type = size, size_out = 43600 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\memtest.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\memtest.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, type = size, size_out = 90192 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, type = size, size_out = 89152 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\chs_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\chs_boot.ttf, type = size, size_out = 3694080 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\chs_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\chs_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\cht_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, type = size, size_out = 3876772 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\cht_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\cht_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, type = size, size_out = 1984228 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\kor_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\kor_boot.ttf, type = size, size_out = 2371360 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\kor_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\kor_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, type = size, size_out = 47452 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, type = size, size_out = 93248 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, type = size, size_out = 90688 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, type = size, size_out = 76352 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, type = size, size_out = 75344 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\memtest.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\memtest.exe, type = size, size_out = 485760 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\memtest.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\memtest.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\memtest.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, type = size, size_out = 88144 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, type = size, size_out = 90176 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, type = size, size_out = 89664 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, type = size, size_out = 90192 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, type = size, size_out = 87616 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, type = size, size_out = 87104 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, type = size, size_out = 70720 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, type = size, size_out = 70224 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, type = size, size_out = 70208 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\bootmgr, type = size, size_out = 383786 |
|
1 | |
| File | Get Info | filename = \\?\C:\bootmgr, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\bootmgr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\hiberfil.sys, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\pagefile.sys, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, type = size, size_out = 479 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, type = size, size_out = 251904 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp, size = 1114368, size_out = 251904 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 251920 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp, type = size, size_out = 17420288 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp, destination_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786722 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, type = size, size_out = 348974 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, type = size, size_out = 25214 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico, type = size, size_out = 25214 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll, type = size, size_out = 94048 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll, type = size, size_out = 2827616 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll, destination_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll, type = size, size_out = 45920 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll, type = size, size_out = 31584 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll, type = size, size_out = 252256 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll, type = size, size_out = 219488 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll, type = size, size_out = 652640 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll, type = size, size_out = 11616 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll, type = size, size_out = 53600 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll, type = size, size_out = 275808 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll, type = size, size_out = 107872 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll, type = size, size_out = 556896 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll, type = size, size_out = 360288 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll, type = size, size_out = 13152 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll, type = size, size_out = 17248 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll, type = size, size_out = 26976 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll, type = size, size_out = 473440 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll, type = size, size_out = 148320 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, type = size, size_out = 1117024 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll, type = size, size_out = 145760 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, type = size, size_out = 1206112 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll, type = size, size_out = 14688 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf, type = size, size_out = 282624 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf, size = 1114368, size_out = 282624 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 282640 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk, type = size, size_out = 1268 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk, type = size, size_out = 1304 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk, type = size, size_out = 1248 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk, type = size, size_out = 1212 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = size, size_out = 1345 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk, type = size, size_out = 2951 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk, type = size, size_out = 2917 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk, type = size, size_out = 2751 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk, type = size, size_out = 2837 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk, type = size, size_out = 2875 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Project Server 2010 Accounts.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn, type = size, size_out = 2999 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Project Server 2010 Accounts.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Project Server 2010 Accounts.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Project Server 2010 Accounts.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn, type = size, size_out = 338 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.14.1033.hxn, type = size, size_out = 326 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.DEV.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.DEV.14.1033.hxn, type = size, size_out = 350 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.DEV.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.DEV.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.SHAPESHEET.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.SHAPESHEET.14.1033.hxn, type = size, size_out = 392 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.SHAPESHEET.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.SHAPESHEET.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO.SHAPESHEET.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_PRM.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_PRM.14.1033.hxn, type = size, size_out = 350 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_PRM.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_PRM.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_PRM.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_STD.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_STD.14.1033.hxn, type = size, size_out = 350 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_STD.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_STD.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.VISIO_STD.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.14.1033.hxn, type = size, size_out = 338 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.DEV.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.DEV.14.1033.hxn, type = size, size_out = 362 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.DEV.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINPROJ.DEV.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn, type = size, size_out = 338 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn, type = size, size_out = 362 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\nslist.hxl, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\nslist.hxl, type = size, size_out = 8668 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\nslist.hxl, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\nslist.hxl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\nslist.hxl, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, type = size, size_out = 1012025 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, type = size, size_out = 1034556 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe, type = size, size_out = 463016 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 1292987 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 147456 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab, type = size, size_out = 5204382 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = size, size_out = 143360 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 1462871 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 147456 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = size, size_out = 5588256 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 1034506 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 143360 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, type = size, size_out = 5153816 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = size, size_out = 151552 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 821681 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 151552 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 654 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, type = size, size_out = 5881317 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, type = size, size_out = 766 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe, type = size, size_out = 781880 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, type = size, size_out = 666 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe, type = size, size_out = 462976 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm, type = size, size_out = 766 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe, type = size, size_out = 781872 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, type = size, size_out = 4932896 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = size, size_out = 143360 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, type = size, size_out = 35116 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, size = 1114368, size_out = 35116 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 35120 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, type = size, size_out = 138459 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, size = 1114368, size_out = 138459 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 138464 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst, type = size, size_out = 1180 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst, size = 1114368, size_out = 1180 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1184 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, type = size, size_out = 66208 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 1114368, size_out = 66208 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 66224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x761ad668 |
|
1 |
Thread 0x7ac
223
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = size, size_out = 129 |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD.LOG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, type = size, size_out = 129745 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp, type = size, size_out = 2913 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, type = size, size_out = 44488 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, type = size, size_out = 28865 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, type = size, size_out = 39379 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, type = size, size_out = 28865 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, type = size, size_out = 1334 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, type = size, size_out = 1334 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, type = size, size_out = 13427 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, type = size, size_out = 1512 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, type = size, size_out = 11364 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, type = size, size_out = 262768 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, type = size, size_out = 4627413 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, destination_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat, type = size, size_out = 8 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat, type = size, size_out = 16412 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat, type = size, size_out = 49180 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, type = size, size_out = 48824 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db, type = size, size_out = 16384 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db, type = size, size_out = 1048 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db, type = size, size_out = 1216 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db, type = size, size_out = 2312 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db, type = size, size_out = 1048 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db, type = size, size_out = 2312 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db, type = size, size_out = 193424 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db, type = size, size_out = 194032 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db, type = size, size_out = 415096 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini, type = size, size_out = 612 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, type = size, size_out = 119 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat, type = size, size_out = 40 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat, size = 1114368, size_out = 40 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 48 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x761ad668 |
|
1 |
Thread 0x7b0
940
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp, type = size, size_out = 17707008 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp, destination_filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786722 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, type = size, size_out = 12066 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, type = size, size_out = 222716 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, type = size, size_out = 206316 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, type = size, size_out = 499482 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, type = size, size_out = 14660 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, type = size, size_out = 4 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, type = size, size_out = 873232 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, type = size, size_out = 53411 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, type = size, size_out = 29422 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, type = size, size_out = 83560 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, type = size, size_out = 51881 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, type = size, size_out = 67664 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, type = size, size_out = 49227 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, type = size, size_out = 113140 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, type = size, size_out = 53411 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, type = size, size_out = 58312 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, type = size, size_out = 60344 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, type = size, size_out = 57333 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, type = size, size_out = 60533 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, type = size, size_out = 67156 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, type = size, size_out = 63682 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, type = size, size_out = 15616 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, type = size, size_out = 254216 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, type = size, size_out = 14972 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, type = size, size_out = 14972 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, type = size, size_out = 5430 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, type = size, size_out = 25214 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico, type = size, size_out = 25214 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll, type = size, size_out = 14688 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll, type = size, size_out = 48992 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll, type = size, size_out = 252256 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll, type = size, size_out = 302944 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll, type = size, size_out = 49504 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll, type = size, size_out = 96608 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll, type = size, size_out = 2944352 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll, destination_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll, type = size, size_out = 45920 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll, type = size, size_out = 31584 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll, type = size, size_out = 260960 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll, type = size, size_out = 226656 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll, type = size, size_out = 681312 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll, type = size, size_out = 11104 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll, type = size, size_out = 52576 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll, type = size, size_out = 286560 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll, type = size, size_out = 107360 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll, type = size, size_out = 581984 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll, type = size, size_out = 371552 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll, type = size, size_out = 13152 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll, type = size, size_out = 16736 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll, type = size, size_out = 26976 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll, type = size, size_out = 488800 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll, type = size, size_out = 154464 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, type = size, size_out = 1137504 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll, type = size, size_out = 152416 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, type = size, size_out = 1276256 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll, type = size, size_out = 15712 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll, type = size, size_out = 14176 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll, type = size, size_out = 47456 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll, type = size, size_out = 235872 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll, type = size, size_out = 294240 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll, type = size, size_out = 49504 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, type = size, size_out = 544768 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms, type = size, size_out = 14134 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms, type = size, size_out = 110457 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma, type = size, size_out = 201833 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma, type = size, size_out = 139199 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma, type = size, size_out = 94457 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma, type = size, size_out = 237625 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma, type = size, size_out = 112353 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma, type = size, size_out = 94457 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma, type = size, size_out = 94457 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma, type = size, size_out = 139197 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma, type = size, size_out = 112353 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma, type = size, size_out = 94457 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk, type = size, size_out = 1282 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk, type = size, size_out = 1388 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk, type = size, size_out = 1230 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk, type = size, size_out = 1266 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk, type = size, size_out = 1364 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk, type = size, size_out = 1238 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk, type = size, size_out = 1242 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk, type = size, size_out = 1242 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, type = size, size_out = 1367 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk, type = size, size_out = 1272 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk, type = size, size_out = 1330 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk, type = size, size_out = 1351 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk, type = size, size_out = 1254 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, type = size, size_out = 1248 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk, type = size, size_out = 1290 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk, type = size, size_out = 1252 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk, type = size, size_out = 1242 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk, type = size, size_out = 1250 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk, type = size, size_out = 1246 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk, type = size, size_out = 1268 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk, type = size, size_out = 1320 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk, type = size, size_out = 1316 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk, type = size, size_out = 1436 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk, type = size, size_out = 1386 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, type = size, size_out = 1316 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk, type = size, size_out = 1579 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk, type = size, size_out = 1989 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk, type = size, size_out = 1468 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk, type = size, size_out = 1468 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk, type = size, size_out = 1899 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk, type = size, size_out = 1322 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk, type = size, size_out = 1242 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk, type = size, size_out = 1294 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk, type = size, size_out = 1270 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, type = size, size_out = 1298 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, type = size, size_out = 1274 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, type = size, size_out = 1232 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = size, size_out = 1262 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, type = size, size_out = 1248 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk, type = size, size_out = 1288 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk, type = size, size_out = 1246 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, type = size, size_out = 1262 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, type = size, size_out = 1274 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk, type = size, size_out = 2741 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk, type = size, size_out = 2441 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk, type = size, size_out = 258 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk, type = size, size_out = 2269 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk, type = size, size_out = 1999 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk, type = size, size_out = 2017 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk, type = size, size_out = 1975 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk, type = size, size_out = 1206 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk, type = size, size_out = 1114 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk, type = size, size_out = 2919 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk, type = size, size_out = 3042 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk, type = size, size_out = 3026 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Project Server 2010 Accounts.lnk, type = size, size_out = 2977 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk, type = size, size_out = 2879 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk, type = size, size_out = 3029 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk, type = size, size_out = 2937 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Project 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Project 2010.lnk, type = size, size_out = 2935 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Project 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Project 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Project 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk, type = size, size_out = 3041 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk, type = size, size_out = 3055 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Visio 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Visio 2010.lnk, type = size, size_out = 2767 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Visio 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Visio 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Visio 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk, type = size, size_out = 3021 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk, type = size, size_out = 1169 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk, type = size, size_out = 3055 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk, type = size, size_out = 1330 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk, type = size, size_out = 1352 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk, type = size, size_out = 1326 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk, type = size, size_out = 1210 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk, type = size, size_out = 1547 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk, type = size, size_out = 1246 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk, type = size, size_out = 1266 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn, type = size, size_out = 390 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\Hx.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn, type = size, size_out = 326 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn, type = size, size_out = 350 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn, type = size, size_out = 326 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn, type = size, size_out = 332 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn, type = size, size_out = 344 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn, type = size, size_out = 380 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn, type = size, size_out = 344 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn, type = size, size_out = 368 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn, type = size, size_out = 326 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn, type = size, size_out = 326 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn, type = size, size_out = 350 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn, type = size, size_out = 332 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn, type = size, size_out = 314 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn, type = size, size_out = 338 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn, type = size, size_out = 338 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn, type = size, size_out = 362 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn, type = size, size_out = 344 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu, type = size, size_out = 368 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 997054 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 143360 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, type = size, size_out = 654 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type = size, size_out = 455720 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, type = size, size_out = 5800228 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = size, size_out = 151552 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, type = size, size_out = 666 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 143360 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe, type = size, size_out = 455576 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 809765 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 151552 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = size, size_out = 143360 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, type = size, size_out = 53188 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, size = 1114368, size_out = 53188 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 53200 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, type = size, size_out = 5120 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, size = 1114368, size_out = 5120 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 5136 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, type = size, size_out = 2676 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 1114368, size_out = 2676 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 2688 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x761ad668 |
|
1 |
Thread 0x7b4
249
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, type = size, size_out = 129745 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat, type = size, size_out = 1897 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini, type = size, size_out = 442 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini, type = size, size_out = 370 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini, type = size, size_out = 1854 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini, type = size, size_out = 1338 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, type = size, size_out = 343 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini, type = size, size_out = 216 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini, type = size, size_out = 1958 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini, type = size, size_out = 1130 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini, type = size, size_out = 520 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini, type = size, size_out = 606 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini, type = size, size_out = 174 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, type = size, size_out = 516424 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, type = size, size_out = 164 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, type = size, size_out = 77477 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, size = 1114368, size_out = 77477 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 77488 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, type = size, size_out = 108824 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT, size = 1114368, size_out = 108824 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 108832 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log, type = size, size_out = 342 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log, size = 1114368, size_out = 342 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 352 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log, type = size, size_out = 1197 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log, size = 1114368, size_out = 1197 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1200 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x761ad668 |
|
1 |
Process #15: exec.exe
23
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:36, Reason: Autostart |
| Unmonitor | End Time: 00:01:43, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x570 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
574
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| exec.exe | 0x00980000 | 0x00995FFF | Process Termination | - | 32-bit | - |
|
|
|
Threads
Thread 0x574
23
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:28:42 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 22245 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 6580429798 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76194f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76191252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76194208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7619359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 |
|
1 | |
| System | Get Time | type = Ticks, time = 24008 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Release | mutex_name = Global\00019C354B4201 |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Module | Get Handle | module_name = mscoree.dll, base_address = 0x0 |
|
1 |
Process #16: exec.exe
31530
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe |
| Command Line | "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:03, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:48 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5e8 |
| Parent PID | 0x568 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
604
0x
608
0x
5D8
0x
5D4
0x
310
0x
60C
0x
61C
0x
684
0x
7D4
0x
494
0x
354
0x
7B4
0x
7AC
0x
29C
0x
46C
0x
420
0x
6EC
0x
5AC
0x
768
0x
52C
0x
318
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.08 KB |
MD5:
d918d97822cdadf6118802f2c9bd1caf
SHA1: e494a0a60f0efbb1545cca014068646334ab4e84 SHA256: 37337ead1914f05eb7f90d4a51834828f6f8e83eec68ae059654255d472ab1ad SSDeep: 48:nYKFmuvDAQevBlEHDzU3gYmkzL/YB1IcmXCnHeXysAhHN:PF/BNDz9izL/yak+XysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.03 KB |
MD5:
8f176ae612c7fc6dab561e961682c008
SHA1: e881c022c29125ac6203e703c86b532532fbb13c SHA256: 05db3b263dc8760ec09528c3169c9c2f189bb7c2638c217fff73951bb38de38c SSDeep: 24:esiuLm3ZoCvvxagwTzuH1gDRmZlwM65cW/txygHNUysAhrNhN:8bnLwnEmRqlt6aWF/NUysAhHN |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.67 KB |
MD5:
56f1f846dc42b417a1fc636da7de5eb3
SHA1: 38a22fb7dcf2a3e1d8c0225c412932eb78e95652 SHA256: 99732c9bf7d0ddd3f9b9d3f62e948ab382f580047ea72df604310ce821eafab2 SSDeep: 48:TXzYr91hNEhTRZeGzPIZ1oy6m9ugT8sBGXH65f69I4ysAhHN:3YrnE/kGccy6m9ugT46f69I4ysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.55 KB |
MD5:
9fb521ac0c0182811cefc302f9b2bfae
SHA1: 8b53fcf58bce9ee660a896ddcc9ea3b0c37ef45c SHA256: 1bde215315131bdfdd95eab5f16df38ddcfc94aeadaaac70f138267cf2ed07ff SSDeep: 48:6QikXbLxv5ypyTMs63uT/6FHU8dCGjhieFXeY6Y1RTVBpz5wQlzcbQuhysAhHN:6ZILxvjZdTyF08g8FdLTVWQlzqQuhys+ |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 3.14 MB |
MD5:
8d68da1e5a9522a709abea5bb73058c8
SHA1: a7b9da596de176fa044259f0d2a9dc0b46a87b02 SHA256: af50131f7552084dc3b8f4ab321170e74346bb96fc16a3de0d6cd48a4c9f1a47 SSDeep: 49152:zDxL8QBo6Tex4S120ytJysIvA0AFtsYjukF11T6:zR89j11AxtJTv1T6 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.66 KB |
MD5:
31bc0466aedad2b9b7106d09ac09fa32
SHA1: 7b5547e15abe39bfa2b9e5d7f034c48c9608123a SHA256: 633689698a1392224349710a81cd096c7d3fe7044cb173b89d7c0fffe243ff38 SSDeep: 48:QM/ol7pDtZCwDYE+ku9YWP660BpHHysAhHN:Q+qVt4EtG66YysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.06 KB |
MD5:
d8825680b491412488c1d92b2c70fb25
SHA1: 9017442b29231d29899f2f08fa5f3cc15c152cd8 SHA256: 8fa2f1862fde0a1507894c8d51dc17d1ea3a9d78b0aaae5efc6fad4c799d22e5 SSDeep: 24:53r7iamYaFSPSfvNcR+vs2Ig6IXIird9vfKxJScF/ZysAhrNhU:drmamYE624IXFd9vfKvS0ZysAhHU |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 6.35 KB |
MD5:
b0ff76536e409953e212ee73bfe30bd9
SHA1: d77b62dd1af6b4c88f0928eb4cb60d75e34639a5 SHA256: d5094c50ef7b8e816fb6929e3fe77dd467322b8a5971f5e734b78b5758047c53 SSDeep: 96:yyI/cdBWu3AYqS82ywpYNIJOGKwKMvllpkN57r0gSJ1DIbKBMQysCt:/I6WuwYc2JdC+nk37Ig4RIbqMQynt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 582.61 KB |
MD5:
63283f09713fb7b3d60d5e6270c91cdd
SHA1: 7b7c2eec74f43b4ef1bf3f3ac23a4ba9c959eb5b SHA256: a3737bcab3bb77527ed9349c2b8d88ba0f55abf298bbf82cd467073ccc9d4476 SSDeep: 12288:wCSJlQprbgQZWPLzsVoZPaqzDx3aMUsuw90JD5ApZIsL9U5+:Rpr9WXs4aqYM37KIPIF5+ |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 8.77 KB |
MD5:
06c00d7ed2007c183f5752e1648f2fc4
SHA1: 5ab771bb73090a7cc4f9cc51dd032486b942397e SHA256: 5b373f3c65e5aa0c45dc724a6bcebb439ff643fc2f3c7d45627c3b42453b1b06 SSDeep: 192:D50yTGN/BoLepa30ibBzfqazBlnourz+46KmUCZWK7WGlzSIynt:DSACpo6sJzSavnrMUC57P2IM |
|
|
| \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.25 KB |
MD5:
50e257ec5fd99af8252a8cb66949ba37
SHA1: d342e8a6e0071496174fbff841ca442a7c060a15 SHA256: a6b23e62c4c221bde03591407ac2bbd1c4af3a9a273d463f9368ce05e83d3978 SSDeep: 6:S3+w6dp3jkwdeAMQ0ysBSPZtEZPQNLVfjKO:S+NDy/ysBShrNLVfjKO |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 42.53 MB |
MD5:
4fb6c079967f604d4b8cdf477caf6de0
SHA1: a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63 SHA256: 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f SSDeep: 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj |
|
|
| \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.00 MB |
MD5:
807487b6b6320ed02d565495c1291d86
SHA1: 2b57a68e3f3b1857c9354506d703999e2d415c28 SHA256: 83bb72ab60ba9bca76163a36564a0b99965d32dbf97c94c713b7609645a4e15e SSDeep: 24576:wOlR+LwO8lAQdyqULi6tch9xhfXlNBoX99q:jILfV7qUO64h9N8Hq |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.61 KB |
MD5:
fb9640b3784c672527a3ecc82a0cbab4
SHA1: 58286cabe25d3b4161fb5ab9aa38fa90fdc5bf1a SHA256: ea8e81b5bfb2405cb88383a88f9b3280b3158f89f4c693c77b6d76d4e09b2e77 SSDeep: 48:uBHolHP853d8PdjqogPHkE2YgGkPvJSKK7nfZEi3pLVhjWldDr7Y5Gx/2O6lxsyU:uRoJ2N8988zpG6AKUfZpUDY5GJ2zlayU |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 405.72 KB |
MD5:
0cae151e0db96009948f99156ec59ffa
SHA1: 9662a45ba703f8042c79d9570c5f19b754f7c73f SHA256: 772e4d7eadc3c091e3e6e115e977f38c2ab78d83447c85f02ff5d154af97b05e SSDeep: 6144:ziMvccr0sQBzjZyrb8WSgN0O5reK0hpRjrBjpkB1Fh/WZZ2UmKPFCqElDepeMFdR:91p0Zo8uNF5qK0hjrdQ+TCNDepp |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 189.85 KB |
MD5:
38c3634de1c4c04e9cc206f5ccab1780
SHA1: 2cb9be56b34c9f30e2be81c126b6daf2385418dc SHA256: b19bbd38d1b46a9b6f5dcbcff03acbb46888d4caab5be09b350cd75048a26eb7 SSDeep: 3072:0SvKqQdGGRtS2t0p0b1dC6QpLwhK2raupOUCeiKS5JVO7RMscA2m6vg5kK:9iqQdyprBwhJWupOcFCJVGSsc7vg5kK |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 21.78 KB |
MD5:
287d9da0a96e591b14b5ca77c510e174
SHA1: 259b6b6b9e94e0d219daf20225b492041e10bb06 SHA256: 8cb918c4cd76c55c9de9cd7c8241981f44016a3b9206690067b64fbfbb749234 SSDeep: 384:QuX1GAppvxK+jCSyY9slhpn1aMveezLIzE20U0zozivr715B03IU1hVYZa91:QW1TnoEv9EYMGUt/UegAHB/U1hik7 |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.41 KB |
MD5:
d084c8ebff55be647bd9687124902153
SHA1: 463fa10aa67bec3496d7f9804a53b8b0e7d9445e SHA256: b040d17aa6ce2e17c140490a69aa47445acc370ef39c2fd441b6ec94105a3c09 SSDeep: 12:b8ncAjdSS4hHM/z+qanz903N64+ysBShrNLVfjKO:bgcGkSsHM/iqw2N6XysAhrNhN |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.67 KB |
MD5:
b6bb8a22ce93d4a7967986b3452ef2bf
SHA1: 6f4f30f59b407cf5a030c31b1dced59f0882e652 SHA256: 78d4cebc7f2a2ca98c0ab287dbf603088c051fafaa77d723f89e3e6991af95a5 SSDeep: 48:EQ7gvDSlcmqMHSRj0dBqvUgIId8gK2hJUtAECysAhHU:1gvelcmNa0dBqMXgK2jUt6ysC0 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 3.14 MB |
MD5:
3b8291ef9e3ee89aa457e04d28dc738e
SHA1: 05f45a015811d7ac339a33921de9727cc6fc70e7 SHA256: 13df80f556dba1159bcea35f5b038a96ec7bd229c4cc3c1ece7e491d0fcc55c7 SSDeep: 49152:zDxL8QBo0Tex4S120ytJyAxb3gIoHPtrgD7wAs:zR89t1GQfV8X3s |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.67 KB |
MD5:
5ae7ca1e840b30a41d5ab8215387cec3
SHA1: ff9ba57f8ff76a9570a55e74ad8a6cd21e5a767b SHA256: 349da2736076780c77bd2aef1fef275f553e76e9f5ed6fa016e158740a66f50d SSDeep: 48:ltEn3LMns5nVIN0SvlVe6P1SiQBhvAebizXysAhHU:ve3LMnsBVtGVeCszAebIysC0 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.81 KB |
MD5:
d30b00a4afcc2fb5d944defa44fd8f85
SHA1: 9829ed89f1a4946943a1e013b55de6cfce7e4e29 SHA256: afd8488bb139fcd9aebd0d1cc13c80748980e2276c3dc1f77c1b6806e0581cc7 SSDeep: 48:XSNwvfw7+Em4P5CCni88iwSywFVJxnQbysAhHN:CNJqmP5/nW8L4ysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 3.36 KB |
MD5:
121334b4afc82a08c0d26e8d4baa30cc
SHA1: b1dd427a564e270b412bc05f5d7cd00659c62b1e SHA256: bfdf15ed09516e00348b477db06f77a517ba68a5ff2b2e272176c223d5577396 SSDeep: 96:zhM/MPkkYH0lD/JRD2msuMyOPcl45VKYysCt:lMU59MmEyOCuynt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.61 KB |
MD5:
1b1b5f11c0758f328f3e33c0dce16c6a
SHA1: a8bf9155c2df984f67b0bc4ad11004f8e05c389a SHA256: d46ecddd4d7854f881663419ddb15a7d66c6294019cea18e430766a98dd6d198 SSDeep: 48:eQaN0fTmMSyOZ2LfolECbO+XFRU/s+ZCiW5iyWUBYk8lm/UF6vnViuqggH9sGi6m:KNry2OQbLFRUE+ZCinyWk+gsYwcgH6lV |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 4.35 KB |
MD5:
07ae2524084598e54e01bdc5f1698e0d
SHA1: 46fa62d4e68f065c4a59750b9e4a041d797dfb62 SHA256: 0ec68e46ed24aebe701928354e52a94d5267ec7f1a128eefe7f060d3feaaa0a4 SSDeep: 96:d1mQO78hDUyWJGbC4mR+7IP8zETqhLtiYn63EMW4spuVxRQcU+adkeQsjqOysCt:zY7sI8C4l7I8QItiP0bhpwU+IQ+hynt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.00 KB |
MD5:
31ca7028dba42dcfa431cd1ef6e535d7
SHA1: 2873aec9a617d601df082aea02e3c612d6b66a50 SHA256: bd55b0dd776fdbe69bdb2238e458f592006e05c6e7a2374790ffc0ef407c5fb6 SSDeep: 48:JzDv3iviu31H6JNCxB4pOcB5mOafXZUVt+UVWntysAhHN:Jz7ilVXxBMxB57afmHotysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.56 KB |
MD5:
87bc23c4e48b167162969ea6eaab71f8
SHA1: 02bb5569d37b73980b28b63b1b20b014ab76c797 SHA256: 50f8aca0a904869e359f6219789ebb658f03a97313933eabb000207a7d48e5c9 SSDeep: 48:HAuEcCK4M4bufIAigXS8+cxEDHKN2EhBxFtysAhHN:g1BKzfIAiSvxEGNbH3tysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.67 KB |
MD5:
c0829a7a4be1c63a87a95983e890b756
SHA1: ca79702b671e07a241b99dc24c62c46b3abeaa1e SHA256: 697aee9ec35d8d83e3bab9b23d406954591c98f510bd0a72fa4acb1fedc04c3c SSDeep: 48:aB0DTupPs2zb+MEIuB4Abw5+899lO8OyFY+iQ44ysAhHN:aB0izuMEIuB3899RRFY+1ysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 5.99 KB |
MD5:
175145a3ed37410e48b6034dc8d1c71e
SHA1: 29aa459a628370aafdafe9295084f45d8fef1a42 SHA256: 6157aa6e881ac1c465332617ef84da34d90e4dea7b7cb20f3fc92a7711cf4283 SSDeep: 96:h4VCuhKC2tUg1tYrPu/f6TGUcX+mteiQl3g9lR/IaJAFelvMynrT7YyysCt:6KZJtYrm0t2DlK3QL/IjFexb7tynt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 16.94 MB |
MD5:
2fb10a322517f7cbfb3a6cfe3f7ec571
SHA1: f50dbea0bf05e4a4f73abb265fef52fa43db4e07 SHA256: 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4 SSDeep: 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.60 KB |
MD5:
e1787e4ae2cfce44ff13370dfaca935e
SHA1: 806e4aeb242707fece505963ae13719264c4de16 SHA256: 1d9e37278be75399e83467f8501c5748863f9c09126c004e5214e2de5889dc5d SSDeep: 48:+g+CjDIFrmQt8lKYJXFwYN0TB3feFXl0PfysAhHN:+gBjDUme8lH+Y2mF0ysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.44 KB |
MD5:
6bb3ba9f50a4edb85f558a844f1c3017
SHA1: 820f81ec584899c958aadbea4ade42fad3af992f SHA256: 5a0e7b01a5cc71b526612a1f68f711c4e7c3d26c3a83c691e7d6f3dc4f5dbd7a SSDeep: 24:n68yeZRxYkPZhbxU3bUouc2yN4rPJ5IpXnO4xfCAZ0MiNDRer3ppr87sKysAhrNP:nx3RwbUoaycCpRaAZT4uHEzysAhHN |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.05 KB |
MD5:
c3e4f89ab3ac9a7b2569d93206079b38
SHA1: e3e13527b47ff1e0fb909b4bb2a27cd9ce94d7d7 SHA256: 2a1dfd52b5a5504582ed010dc12d377ed272ed336408d39f6b43394df0fef217 SSDeep: 48:8vmwjBeA+NCjmKu2nMZtARnQ/FwrK0peH2sqysAhHN:lkBebqu22SYBaysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 9.52 KB |
MD5:
5b7fc2e1f5b5d6e9dea071c3fd907ba9
SHA1: cf4576681fd09ccc761b463310cf35537fccdb92 SHA256: 6bc35577228afba890e689767ef69e5fe9c36d68634693780cc1b4438a00a8ef SSDeep: 192:V7yVIuP/xXidci8sFd0XnsY8o1DRs76MPED1FxmpHynt:MV1/xSdci8sn0318o1Di2OsFcHM |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.81 KB |
MD5:
373b584f97fc27d42c300f0980b302f0
SHA1: 9f3e1cf04b3b67708ce816d5abd1c675fd65ad55 SHA256: b370a98c8e5cb85f7532e68d3a41a5cb454948ddb78c8e7c398a8c8329a2696e SSDeep: 48:OvolcAF+YySED/TBKgYBx+AzP6qQ+aysAhHN:Biay71KR2Azx7aysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.19 KB |
MD5:
910d36c6a67d9e5502daa083915f4b55
SHA1: 79dc12a3f64cf14e64971947bfecaad379c5a6f5 SHA256: 91e1d979f14cef41dec0d1f134454965261e1d63216012c2ebffb5db1b868d3a SSDeep: 48:JHQ/vhfSKQpjFUVkDL+VWH5wY42YLTozOuS6V2q0ysAhHN:JofSKQpjCKDkWqfLSwPq0ysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.66 KB |
MD5:
639b03f4df45b3fac44d35b56e99d8de
SHA1: d67de51587034c60eb03edc9ec62f5fef6259415 SHA256: 0028594c95fcd330a39e102cc0690c8f432d4ecea5407c900c324e8131b41c96 SSDeep: 48:YvRxF+/TXdDnIOYd+fNmGaoEXglG5ysAhHN:mRxROlCF5ysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.08 KB |
MD5:
f7602a72f850edfc99fefc732f5f8960
SHA1: 68f38aa52677f1f57e94f2f3972cb6c66ccfad16 SHA256: 56a77324b15dfce5281714eee06d0b3b72db4a98fdbf5a8f1ee4032b14202dd6 SSDeep: 48:oPwXASBOjaNzwRv039VkAMQYUdKCCjhDWEQCA0l4LysAhHN:osUEcq7PYUYCCjEEQCA0YysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.14 KB |
MD5:
f0987f178fe6f595326142f502d06519
SHA1: d271896801eeb07c76b8476cce89807349b2a3d7 SHA256: b422bb3e45c02e8ad947f71d07b1722a9d8162d69d5021fe60b5866f322a11d4 SSDeep: 24:iNPXijjuHSbVYrz9YZFByz0STBAHhsuf6V++b4TSu/1ysAhrNhN:iNVKF8Ttuf6E+WSu/1ysAhHN |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 3.15 MB |
MD5:
4ccc0e4cfb5ec4ad2b5fc5bd09a8ffae
SHA1: d06634bbd08ea029630f89f191a1a015b816e9a8 SHA256: b83526640cd0a48ed7bcff408c681fa9f99e80863630654669aa9723685ad08a SSDeep: 49152:zDxL8QBonTex4S120ytJy0uznKBdMLYrrXGBps/HAl29TeQkec04F:zR89K1smgdTr2GgM9TeIc9F |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 582.61 KB |
MD5:
94c86969bb0cc30a9ad09cfbf38cc34e
SHA1: b9c7dfc4fdff78dad074286615fb28e573e877e0 SHA256: 5adf8f587ed53fa3ae24e5b5d6ac8ce7554e066f6b0c36589e466d989c3bd2f4 SSDeep: 6144:GbFjBk88d0jVEqGimuJNZ8F/2ILEHi/cJ63arm45pWOgB4FFUSQ8pJy4yzn0yeLg:w2Rde2g/m/fECyyaLpWOgK2xqJy4UH |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 5.67 KB |
MD5:
212c68499fecf7397c18fe0269686014
SHA1: a3e03701cf43dee3fd42047d6834682bb7707cd5 SHA256: 7d6ba43c5646ef55c253d6a9382104b4e38146cd0c153112b3c84e4e362bd7f2 SSDeep: 96:9a3059mqg8F0ugS3LpOUXRdJ7oJrz9ca7WCldmLQ3lFN7Fz4LMnsAa/b8AsZkAGJ:I0jn0gXx7SaRLSlPFMQnA/AAsZDynt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 26.80 KB |
MD5:
0ec8e516a113ba878f493e36a020a636
SHA1: 5b00defecfff51b5153beda1d9a50ff83395ca65 SHA256: c8f0a788c408655cb423abe901d96e1b1c430f23210ce0439d6122b2da53cc5e SSDeep: 384:T48s82sLhL42MccWztjPQZtmx3BLJaz1tBTMxaZwOI6V0hYD9aU7UtRjMxtM:V2s1k2McT5zQZtmx3zauxau8V0hhf |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 65.86 KB |
MD5:
28d1c37eea3e732aa96bd4af76be9b30
SHA1: ae25bc44feec97f7dfae114fa4c17364168861c7 SHA256: ec5abeac1d4c7f91a322fe4c4d34434a658e8d0daa53f74945c29d81a0281f0e SSDeep: 1536:Oe8Gz7Qc3kTaIRLfdzLHo+G+bCvk7inafN6Gk1A2Lbf:gcoaIRhzLHbG+b/inafN6GmLr |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 9.38 KB |
MD5:
dfc0e62cc8a19f262e6357f3c3620d16
SHA1: 0223af8599083a10d778d1f7e9e178096ff02a2c SHA256: 126ae45d83bc0f12221daa666d78572500a232e51702c6684ef4db4a8964bd68 SSDeep: 192:HRF75PhUAvlUGD7vMVDMw2mRyXWR7e4lSLGjXez+qy5D7m5lZqWpwli1pV7qM2s2:Hr7RhFvrzSDMw2mKW9lgi5O5lfhd2sYF |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.56 KB |
MD5:
23b3ee54a02ad0de8c521007bf14f13a
SHA1: 045364a4196671d2edb2c04e741bc3db6f899071 SHA256: 670865cba3ac36e1d7531f218fbd21cf02e18b2a913e8a281773f7be6b84f5b9 SSDeep: 48:HXym5l++k06+p+8wzSc2oXCK98e2WNM2BPT0ysAhHN:HXym1syqhF9yWN5T0ysCt |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.06 KB |
MD5:
0611e006f3058dcef6876774bbc2a4f9
SHA1: 62b8f5fd9f44e2d8744c7083795637e5c9af35ed SHA256: 0b4074ac05670469fa9b9100cbc139419ab27ff3b16aff2676cc94eecc816f12 SSDeep: 24:NX42ZfwVowsWX4nvY52smRN/2rgTi7ovfysAhrNhU:NI+YVrCvY5M/2rgTi7QfysAhHU |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 10.25 MB |
MD5:
5b10e2665f94142402ff6fd0b572b3ff
SHA1: 21ef09db60cf1d4ee64e930b00abefe63d813655 SHA256: 19054bd2c597323dfc7bd57085ae5b243e441d0e48ea62563ff5f2573d91e249 SSDeep: 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+JxF:MUvTiNhU4L7tZiTnprP0txRsJ3 |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 4.42 KB |
MD5:
80a50d7e6189a3c8d7b0bdc89296474e
SHA1: 313d84af60ce5e6183905818f676f1644a6dba7b SHA256: 40f8991b1a07c66942cda4243753c904b740041f823125eb296cf9d5ff09229f SSDeep: 96:iXbupO07VMzd19LA2B7HyGUDTqwseuq2qrbOahBcmrS/ysCt:gbuQ0xMzd19s2gNspqL5EIS/ynt |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 16.71 KB |
MD5:
ea9f485365bd5e5bc3a178d1b3576ae2
SHA1: 04ce905569adfaa26012cc469e6fc041aeb53fe8 SHA256: 93c206fa8c58f849534fe6ba6818422e456c412efa7bc432ea86da6e4dc6faf6 SSDeep: 384:Hv6aDiyVS1r1cAc3prle3nycfb5w8w2o+TNdSB59lSiy1RY6dlM:P6aDiyojcAQM3nycfxw23NdSB59IZRYZ |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 30.61 KB |
MD5:
a4d02e4a62410823b845dbdc786b019e
SHA1: 3d51d4d49702e376c6f46a9e9fdd270bb85534c2 SHA256: dec7757f7aa9454d8dbc9e1c587e38efeff56ad4f1f1e7b9014262110c63cd7c SSDeep: 768:okRiiTMtL5bn4WatdxQZyDgQHa/XQ/HkpO7gSP0Jt:okRiiTMLxZZyDTOXQspCgg8 |
|
|
| \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 4.42 KB |
MD5:
0784f150b88ceb4f8e3c3fb033364ac7
SHA1: f2a1429450170267894236cd8446a1dfc6509663 SHA256: 6db9542bc4e4fb260a2bc7ac3056fcc434e5268400e8eba938874ba6d47819d2 SSDeep: 96:cE1s+a6UoClfkGYnXbZkqjNjb4fqGlNaAocFT2T59qro6LE4/fY4ysCt:cEa+aHlfsLZkqjNjb4fqGlVxh2V9KJnk |
|
|
| \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 6.52 KB |
MD5:
4e9603a2c5a8d30e706d57338270275e
SHA1: 0ab2a174f8eb749394f644ffb2d99e883db1d352 SHA256: 2f0aeca3b8ea8b4d61b179fb2a0f7a7019c51fcdec53089a3bfbc01a4d68c884 SSDeep: 192:uu5shGBWgAhXa9kY5FKAuKlZI/j5FIopA8GpMTynt:uoscBhKXbYnK+lZM5FLp++M |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.81 KB |
MD5:
7fa1116002c01e1c0588a792fd38f3fd
SHA1: d4439b8e5a302b72b6c82a249fc2e5915596eada SHA256: 0ffd7a07de5876951f4716bba7e31795ebc70dfcbb1788f91c94cf9f10c66482 SSDeep: 48:Pz47g+E+d1PYbHxTtS0vzQjrCfy1XB4uJRatdcSqr/e9Cc9rDysAhHN:cXd1iHxTtder/5zJ43gHc9rDysCt |
|
|
| \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 16.53 KB |
MD5:
cacfe7c88081a61991c4debb7501ffff
SHA1: 88d3e8591b8722067c0973685a8f14a706c5e869 SHA256: f87bc677e549159d5c5c3be738d2f65a2a31b37e071e002b5c6a39b3f8114fd2 SSDeep: 384:bRQs8QPHjr8LC7X+zH4+VC1phVtzg9O2dsMUixUypcA2M:b1dHPGU+zHpmVtCpdiOdcAj |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 67.85 MB |
MD5:
6b078cbccbab0d5edeaa1d85f11ba58a
SHA1: 66820f091ea72f244d2d2019748cbda0b7b9702d SHA256: 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774 SSDeep: 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 20.35 KB |
MD5:
2c6ffb9e78c2131f6ba8dd0c752eae69
SHA1: 826b677900be800371846c7b29655484b88a6264 SHA256: a40e6ab75df0fed6cc3576f54ed819c8c0308a323a9bec55df0706afbe0d0c72 SSDeep: 384:UyEVxvHiLUf3sF7CzRjHCzZslMvtUx0stvQSbMmO/0hrX/6uciPh55jswM:NEvvCIf8F7sCzZIEux041ZEKk |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 4.42 KB |
MD5:
e3fa4a57759c5490743d03b388c5303d
SHA1: 72eaa10dcf422615a53093e8462bae1e4ef49e77 SHA256: 1756083ace71d87637cb09207fbf17734a3df4fbc5df6ab973130ef34f2ba534 SSDeep: 96:BlbEMdCAd0gaYq0pHCtvPUYuZDjLJsmfB7cMEHm2X4ysCt:3bEMdPx+01yvPUHZrJdfB7lEH34ynt |
|
|
| \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 4.75 MB |
MD5:
12c462b050c15147d01abf1943b30c20
SHA1: a5b7114294698d3d5477627854c87e84eccac8d1 SHA256: a508f716392c78a74f96c58d8ad8fe112a03831d9668ee82a4c814c4da5d49c0 SSDeep: 24576:t6PoTpvfb2hIgGGnc7XTrHjurYMWjKcMrcR3:t6yVbrgGSk3Dupnc2o |
|
|
| \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 4.75 MB |
MD5:
68fc63af37ea5326118b93fb913bb0c1
SHA1: 8106c59632e56198f491b03a7591bd511d6c4ae2 SHA256: e07f8f894d29eb22bd1e4b8ed798baee50c78f91a91fa38e4b5fa648a0121a7f SSDeep: 24576:ppuMOgCMzPuPZ4IGXlx90UrKU0KXYOXSOtPH+FXU:7uECMzPiZBGXlj0UGxOXS1i |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 14.88 MB |
MD5:
0132354deb06c352353675fce278a129
SHA1: 82f447263c0d4d83d398af15034413083edcbc35 SHA256: 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307 SSDeep: 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ |
|
|
| \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 5.16 MB |
MD5:
c48c8785ef8176108656251443a27dd2
SHA1: e1ef4ff7389294fda0d0e0744d5733d2bbc2dfad SHA256: d95b70a3003764c04351bdfc442cb2568ae1dd8e3968ef757dee599bdf58ba97 SSDeep: 24576:lrbTjo/xbtpf/+JsmdgVEvbC5tIf9Cd3u0Y5sbO5TvaootzC95top:lQ/JP3cUIf92+0Y2bOhv9qzS5i |
|
|
| \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 256.86 KB |
MD5:
615c5dd18dd80442f730d7713bd86fdf
SHA1: 23c947def93e3a1b03046d1cefe8dc1fceff5f7d SHA256: c08d1bdb9de084a9bd128eecd6c7a8e304f398af52ff4ebf4a09b25815363335 SSDeep: 6144:rS5jeyYjFFVjE49327rulyGzts/xMxq4yrFntmdZepBJ/D:rM3MFRnurupts/uq46tmdYpBND |
|
|
| \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 16.28 KB |
MD5:
b4b10617deab7de4315979f4ecec9c76
SHA1: 7e4041e0bb9fb712cb2ee807f411f2bd9a624c39 SHA256: d24d497dfd3f1c0afba54f39ca414b52ba586ad959e6486eb0925eb8a4fe4135 SSDeep: 384:tHAUYWu3Bb0+uEQkrsApiwtUDlah7O5AB4LgpRrl:dAnt3nuEdrsEilaR4LaRp |
|
|
| \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 48.28 KB |
MD5:
67fb37b90f251a7f99aa4d3264514d59
SHA1: 6081473fd5b1834165ae675d5ca675b4d3ce9d18 SHA256: 51b9b9b42b16649cdd6d05a80631d6dce042362e0594baa6989ce1eea24f8ff6 SSDeep: 768:aj2iAkwfTPDDrJjDGBRJGFo1nhsJOIEcHdLxB3SUR/3B0OhEhqztYjy7lAgM:aj2iAVbDPJjOl1mHdLxB39p0ZhqkMAb |
|
|
| \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 48.30 KB |
MD5:
19fc9bbbac59a292def662893cbd60bb
SHA1: 23e474f317f25564d3f10c7bd77a118c97540adc SHA256: 193e6825bd09c5568e7dd0e26541e0464474f116472d5d8f26db60078afc44ba SSDeep: 768:j0t1KxTqJko8i0M5Uv49961iYucYTJy3gBIbUvJR1ffASWo13pX:j0PKxTpoziQ99615fYdyQBIo4o15X |
|
|
| \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 48.30 KB |
MD5:
f26dc163431e2a30c294991ce8e7c8bb
SHA1: abb57948ae54e60446a5560c8459de999eac1911 SHA256: f09359cd02d9221b3626dc6fac1fd958b700575a0758c490e8b69b6c25cb4702 SSDeep: 768:02tjJkLZj5sT6X6yxQHrcglPnmiXMoLYYQfirGqIyCDae6m0RPgiZfi9Ui9Iic8q:0mjqLZ2+PGLFFnuFHfKLlq9UAJzVM |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 16.25 KB |
MD5:
b438df2859f25bb3bc98f961eaee8fc1
SHA1: 8dd43e8167275f40758995aac5216968f18bb0c5 SHA256: 8bee79a526ed4698272ab73ad7b93f0918cc56cce8470cb1390b1fb5e41437e8 SSDeep: 384:o/wMGkXZLLwvlN54NxINIAGxeIJ1FUmEnW00PJzM8UNfwusbnM:opZ3s+sYeq1eY1z5Uhwud |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.38 KB |
MD5:
64cdde3a12607d0288ba8697cffa09bd
SHA1: bf48fc77565785176c30b3dbaa825d9d2640e0d4 SHA256: 1550665017914f527507f146c51ae0685c13cf29536c67fdac0ee9b0531a478b SSDeep: 24:Zhc8PhfAl1o28Q+4TO+ZcjHYBSQ2fjAvSiGooU+ZmPwg/ysAhrNh0:Zh5sqZJKufCSloh+0Pr/ysAhH0 |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.55 KB |
MD5:
af659f17aa8efecf427326c9fb535fe0
SHA1: b3d055b687b22e67c96b8b92a2b98de739bee710 SHA256: dc6ff467e762458f35e7433b123618a1f19553675d6a48c6975b8d5b7f6b79d3 SSDeep: 48:vBYsEVeNpVZg8q//Qzp3eY7D5x/s1kI2zIX4ysAhH0:v1RG/ce+Drw20oysCU |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.61 KB |
MD5:
315774831d6f29ab541cea6fb6347bcf
SHA1: 8fd9ead6e56298dec5703d4a53745fc67e78cef9 SHA256: d3d144d229a29d6d39d7cd4ac46b00a612e175b02a13d145cbe2d052af62b8b1 SSDeep: 48:J1XqpQLt0DqdLVQeixxtg6fIPSh8OPVmWaT3DnV/RrRjRDhDmO5nueLnwlf6ysA6:JY5DqdLVcxxt9fAXOPVmWCVxhHnu4nww |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.38 KB |
MD5:
3b3598f925ac224344f161891eb18c6b
SHA1: 5cb0dfba0c9b16cf74d88dd724ff32f8d5f94b6d SHA256: fa01951221cd63d6c09364eccd1cfa898daaf0ba04d290ebbbe192a87b157b48 SSDeep: 24:HetUxHjjQ0/EBcVonH5wkPq4Z93SQYvwczJlTBR310daIu/ysAhrNh0:UUpWz5TxZ9nYvwkh3ydaL/ysAhH0 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 3.48 MB |
MD5:
1c69b51ad14d150972b0841c2f56b917
SHA1: 5b497f2e8bebb5c0e58522e6e199a50f858eea6b SHA256: d87b5a619fb4f22fdbbfe25ad2b01eba20aa7506e8d2e61187317032ddb772c3 SSDeep: 49152:fHYLL/WoWLljb1R6rOSN20yRJ6u/VEkGZAF+kky6qmQOMI9R:fqLVW6vK/VEkGaknyA/H9R |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 189.25 KB |
MD5:
28c94a5ab30564f3e2afaf19f9a8e45e
SHA1: 4c99668a00931e5bc54f7e3c6376040965456fde SHA256: 05cb420c9f8c7f75467ee74f0c58d84cbb73bc7b55dc8e9c915950b3f1829b0a SSDeep: 3072:7nZxYKIN/YvqEGzSRmx/nh2Pr1D3XzKfg+KM8eXWCKO4Kj6s8g71yOvzxfkAyQKW:7nQKIavtGzS4h2Pr1D3jKfgXaX7kKj66 |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 28.56 KB |
MD5:
94e2c080c25fe099919423f1b8760d97
SHA1: 66746abcea38c90361dbeaba8ba4fe307e6618f7 SHA256: 446dbaaf22bc9106f6aab45b2e67763308f1bafed679c04042124297ce40ff75 SSDeep: 384:16qrA1rO6NELRXOIWpveeGdoFAk+3Fjsd2Mfstwc87UdWvWgpCKxia6YnI+RjZG3:4qk1nN+N3sdv9gcv9ia6A1vtnDptM |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 21.78 KB |
MD5:
7d4e40fbcccfc6688f0c5c066e073bd7
SHA1: b121a884ec0a3e6f7fd287397cb7f5920245bc27 SHA256: cfa38e2c093b4344ec1d46cc3e2ac5205e66fbe0745b1f44bff36ab19d067fa2 SSDeep: 384:OJhopkiIBkjrLiHg5oe0WLkaTFS0cAUfh/oZyapBLNZyDIsY1:DpkickTmILksFPZUpyy4RYUss |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.85 KB |
MD5:
b6ea1d338250f42f64c1916e47f2166e
SHA1: 8309e2433cc21da4b613793c45783673875947a4 SHA256: 977828a680bb85bc3cfcce17c501a7f185cc14e2c8a07d80f1d440862b650fff SSDeep: 24:/O0vgHIX/B+ktgzmGpi5z/1RToyHFxaQkUqdhXysAhrNhN:/O0IoX/Bjym2ip1RTzvd/qTXysAhHN |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.67 KB |
MD5:
bc43da47e328c2600e8ed4d6b7f744d8
SHA1: a9bbfe535a6c19a15ffded9d206106f2067781ed SHA256: 5c6c04671f19785e5befb77d9499ff9abcded6caf9d0a5514c9e4bf8b20558dd SSDeep: 12:SoIlJ0PGaq298Qc5CcWGOlOYqPkiUxsRQRAP2FXGF9Fl/ysBShrNLVfjKO:RI/oNV6hKlDqlOR62F2F9bysAhrNhN |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.61 KB |
MD5:
ca2116336b7caaff4f76e7df87423916
SHA1: 16fe8e97c1ac57e125144e4000f15096e450c05b SHA256: 6dd9bea3aa20e5185f1314ea128c59164530aaf73ab847c64ff3f64938357724 SSDeep: 12:5HgkAIj9z1VKhWWYTZbpXbKAvzvoCmtm7ysBShrNLVfjKO:dRAIj4alJbKXtm7ysAhrNhN |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.05 KB |
MD5:
2e9d31c6d3bc48e306307d1deb5d171a
SHA1: 866d0af1e6a75f66e0f1c21c885fc4d163196d2b SHA256: a85dcfad17e832d5f6c4d4be10d8651a24bf3d24c3a331f9bc08d21e8373e0e1 SSDeep: 48:BbjHeWG/UnnEgjuGPeRns8hWF7AC02HaDI4ruYH0ysAhHN:Bv+n8nBjuGG1zAFKOarrAysCt |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.55 KB |
MD5:
494e279a15d8f65cbf1fb2987842d31f
SHA1: 4fbb7bd07ac5a1c69e2074a711087abc3e542b5e SHA256: e4827b25fd5323a46ce5050f60cdede482785b0a243ede1ea2fe70a58514bb4a SSDeep: 48:WGFSdxSLoSVFTfAKKGsNaoMesNH37MqysAhHN:W2aENDjKGWaXeEHwqysCt |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.58 KB |
MD5:
0aebbf3707bf4b0ba7d044fc5c320900
SHA1: 52b634f3be920d0015856f3ecfa8de9af4fa8c6f SHA256: 390b3f982acaa243d05c20cd92d689d97b10c5596a19073bc5af37db5a7821fa SSDeep: 12:JGEq+yx8hzjj9o96DDA1MRc6FE1h2MqfBt90ysBShrNLVfjKO:JQ+yujBBv7zFchvysAhrNhN |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.46 KB |
MD5:
233b8e64d8c154365a79bc1e196b73db
SHA1: 21ccd8a3c37bdd647baed67d3a4ec05428e579b1 SHA256: f1485ef47df129a53cc12f73df0e72c727cbbb8ace41647e8292900aa4ec9d5d SSDeep: 12:x0IcvOiGTTc3kOa7OgN1wwINf//UOsysBShrNLVfjKO:xcGiEQ3kOabMf//bsysAhrNhN |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 2.16 KB |
MD5:
56b976d6ecf3588d627e48ee3905f834
SHA1: 5906c16fa4f9975837ad3555ecd41eb84d4d381a SHA256: 775dcd2c6b6b2f6226ae7242f0ece0cca5e50bc17ea8ea779ff69799e4848661 SSDeep: 48:6CKNIqyHQQ1CewqbB1XssrKy59F6VT+6yM5nu1uU7M+ysAhHN:DKNI3QQ1Chql18vm/6l+s3+ysCt |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 1.35 KB |
MD5:
685d94c0406e6c473cfc7f4d1c0333f6
SHA1: 36693199163b2feb6f81cd42fac7787711dda0ac SHA256: 6e68828f2b13feaef66de6a5963ca14882686f7ab7ed57a6841705ef68c6627b SSDeep: 24:4M0W7NmGiWUOotvLGZ1kAoR34txo8RoMkaSRwIUr75bQojx0tfT/Vm4Ye3p+ysAb:tNmfNr4/RF6GCojEb0s+ysAhHN |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.75 KB |
MD5:
792df1566ee1f3a57411b8d5dddd4752
SHA1: 408f340dbe39d71254482689b585e490061d9433 SHA256: 4c78494cadae826465894518816031378c2e542dcc19d6a15719bc318ebcf402 SSDeep: 12:5zSier+AAkgI+/9KAU0Q2qx+UQSWMyJh3dsM5dG233AS0ysBShrNLVfjKO:5BOWIZhiqxxtWMyJ/BdJHf0ysAhrNhN |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.83 KB |
MD5:
1d006995a94488732a8d4d601b138551
SHA1: 62e63fe7fe3cda686292d1450a765e98266482e2 SHA256: 0661ffff017a69b3fadd5bc56e6cb14e8ecaf1f9207b8977a58aa76a2e5fbb4b SSDeep: 24:YHj5WddBPXtTuil83Q2bHJHsaOoF61VJ5AiysAhrNhN:YHjCpTuiqzbpVbAJVysAhHN |
|
|
| \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 207.10 KB |
MD5:
24cda4713aa23b9f476f7e9f342f55ac
SHA1: 5cd3043735b9a9c6824e460cb596cbd344242354 SHA256: 248db092d34f3c1646be9c5afb82d3b07ec998b3b2226ab8afec535fb5e4e39c SSDeep: 3072:lV5+Q6RZSidvgTWZaDuNGMFTveAqIu5NuOrRMIQ4vwZJ2OfldNjXrFz:lVYvVtZaDusMFTveAqIk7tDwZJVNjhz |
|
|
| \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 16.75 KB |
MD5:
eec3eccde4418c22f98dff219eaa3f4a
SHA1: 940bedd4b48ed008a078072e7e621f8b1b3abf23 SHA256: 7e91b4d2e15e0bf03c79a9739e9b9e99d88e0c598f88c42a87df2236db0a913d SSDeep: 384:052eYJWUC7VpCALKYzDUa//qH0o7p1xTwP/JRQ9BzItgue7H3Koil:mhUKVnFUEqHD91Z9BEBe7H3FO |
|
|
| \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 6.88 KB |
MD5:
cc1a85e6013b10e66e879c1853e58737
SHA1: d611cea7f33e33b3045aedc306c41fb8e2cbe0d4 SHA256: 97df43c104171de4f8e23bfad137e2e0373e86ed0f0ff891be328e3577373e7f SSDeep: 192:GPLyPGO3BSSdZRL2DU8Lpg2mCyCdkXY33Aynt:IOBSSrh2Dx7yCdkX6AM |
|
|
| \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 194.99 KB |
MD5:
3a294d754f2f2d4267146eca48a97788
SHA1: f872b9f6701d04267b15b11932bcfa7760285cf5 SHA256: a2670d12fdff749efa9c83512975af4a1b3e15d84d5b480d32c52a0855d806e0 SSDeep: 6144:MtAYv5CHQ5rO/Zb1+sXwVzepL9bGPPXacW9Exh9KKJ:MtPEHyOh1JguxbGPSH9ZA |
|
|
| \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.44 KB |
MD5:
846f1f1974180f82396d54ce8571ae7b
SHA1: 90a8a10d381516d0c8c26711b9468cd97b078c23 SHA256: 27929c361896fb3303c351dd3f95ff7fee7cee5f6ffea5bcc501c86176460d5e SSDeep: 12:ccalE1zAtzUZ9XmwT8ipTQZ09GHysBShrNLVfjKM4:1alGz0UZ9W482TQZEGHysAhrNhk |
|
|
| \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.36 KB |
MD5:
6525ffff1ef4170dfcc2058ee0324387
SHA1: 02ba64f1073b8947abba35fc13b4834681c6127b SHA256: 3a22be633dc91d92509121df3dc6a7173cc05d028b04b9c8d62081784e3f4d01 SSDeep: 6:Z1nyuk9SyJEJk/5Leihh/7CJy+R3MKeu7RgWR10ysBSPZtEZPQNLVfjKO:Zk9/J0AwihhGL3OsgU10ysBShrNLVfjJ |
|
|
| \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos | 0.25 KB |
MD5:
213d4b0e8c32c4d83f1477681fc90422
SHA1: ead4d99c022099da7d48b2c63e3eb4640d91ff5a SHA256: bfb094b825a8172a90dc18ed6d3b2e94a3564b08e850a8a03b6cb4a88d105c18 SSDeep: 6:NyuXTek4KGf5R0mHduZkysBSPZtEZPQNLVfjKO:VeT3nXysBShrNLVfjKO |
|
|
Threads
Thread 0x604
93
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:29:04 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 43680 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 8828656042 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76194f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76191252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76194208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7619359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 |
|
1 | |
| System | Get Time | type = Ticks, time = 43711 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4201, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\00019C354B4201 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 34543120, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 34543184, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 196, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 34559280, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 |
|
3 | |
| File | Copy | source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = exec, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\exec.exe, size = 104, type = REG_SZ |
|
1 | |
| File | Copy | source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, destination_filename = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\exec.exe |
|
1 | |
| File | Copy | source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, destination_filename = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\exec.exe, size = 260 |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Desktop, data = %USERPROFILE%\Desktop, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Desktop, data = 76, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Desktop, data = 34543148, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Desktop, data = %USERPROFILE%\Desktop, type = REG_EXPAND_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Desktop, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Desktop, data = %PUBLIC%\Desktop, type = REG_EXPAND_SZ |
|
1 | |
| File | Create | filename = c:\users\5p5nrgjn0js halpmcxz\desktop\info.hta, desired_access = GENERIC_WRITE |
|
1 | |
| File | Write | filename = c:\users\5p5nrgjn0js halpmcxz\desktop\info.hta, size = 8202 |
|
1 | |
| Process | Create | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\info.hta, show_window = SW_SHOWNORMAL |
|
1 | |
| File | Create | filename = c:\users\5p5nrgjn0js halpmcxz\desktop\info.txt, desired_access = GENERIC_WRITE |
|
1 | |
| File | Write | filename = c:\users\5p5nrgjn0js halpmcxz\desktop\info.txt, size = 317 |
|
1 | |
| File | Create | filename = c:\users\public\desktop\info.hta, desired_access = GENERIC_WRITE |
|
1 | |
| File | Write | filename = c:\users\public\desktop\info.hta, size = 8202 |
|
1 | |
| Process | Create | process_name = c:\users\public\desktop\info.hta, show_window = SW_SHOWNORMAL |
|
1 | |
| File | Create | filename = c:\users\public\desktop\info.txt, desired_access = GENERIC_WRITE |
|
1 | |
| File | Write | filename = c:\users\public\desktop\info.txt, size = 317 |
|
1 | |
| File | Create | filename = c:\\info.hta, desired_access = GENERIC_WRITE |
|
1 | |
| File | Write | filename = c:\\info.hta, size = 8202 |
|
1 | |
| Process | Create | process_name = c:\\info.hta, show_window = SW_SHOWNORMAL |
|
1 | |
| File | Create | filename = c:\\info.txt, desired_access = GENERIC_WRITE |
|
1 | |
| File | Write | filename = c:\\info.txt, size = 317 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0x608
179
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
2 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Mutex | Open | mutex_name = Global\00019C354B4200, desired_access = SYNCHRONIZE |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 |
Thread 0x5d8
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, os_pid = 0x698, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| File | Write | size = 188 |
|
1 |
Thread 0x5d4
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, os_pid = 0x69c, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| File | Write | size = 91 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x761ad668 |
|
1 |
Thread 0x61c
29
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
84 |
Thread 0x684
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 |
Thread 0x7d4
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 |
Thread 0x494
6054
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD.LOG1, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\BCD.LOG1, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD.LOG2, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\BCD.LOG2, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, type = size, size_out = 89168 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, type = size, size_out = 87616 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, type = size, size_out = 91712 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 94800 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, type = size, size_out = 85056 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\memtest.exe.mui, type = size, size_out = 43600 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\memtest.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\memtest.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, type = size, size_out = 90192 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, type = size, size_out = 89152 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\chs_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\chs_boot.ttf, type = size, size_out = 3694080 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\chs_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\chs_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\cht_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\cht_boot.ttf, type = size, size_out = 3876772 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\cht_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\cht_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, type = size, size_out = 1984228 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\kor_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\kor_boot.ttf, type = size, size_out = 2371360 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\kor_boot.ttf, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, destination_filename = \\?\C:\Boot\Fonts\kor_boot.ttf |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, type = size, size_out = 47452 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, type = size, size_out = 93248 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, type = size, size_out = 90688 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, type = size, size_out = 76352 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, type = size, size_out = 75344 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\memtest.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\memtest.exe, type = size, size_out = 485760 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\memtest.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\memtest.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\memtest.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, type = size, size_out = 88144 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, type = size, size_out = 90176 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, type = size, size_out = 89664 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, type = size, size_out = 90192 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, type = size, size_out = 87616 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, type = size, size_out = 87104 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, type = size, size_out = 70720 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, type = size, size_out = 70224 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, type = size, size_out = 70208 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\bootmgr, type = size, size_out = 383786 |
|
1 | |
| File | Get Info | filename = \\?\C:\bootmgr, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\bootmgr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\hiberfil.sys, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi, type = size, size_out = 2506240 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, type = size, size_out = 2503680 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, type = size, size_out = 2513920 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, type = size, size_out = 9958388 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, type = size, size_out = 14819276 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, type = size, size_out = 43806141 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, type = size, size_out = 11482605 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, type = size, size_out = 881152 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, size = 1114368, size_out = 881152 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 881168 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = size, size_out = 885760 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, size = 1114368, size_out = 885760 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 885776 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, type = size, size_out = 868864 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, size = 1114368, size_out = 868864 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 868880 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, type = size, size_out = 873984 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, size = 1114368, size_out = 873984 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 874000 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, type = size, size_out = 18874884 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, type = size, size_out = 3124224 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, type = size, size_out = 2797568 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hu\messages.json, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hu\messages.json, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = size, size_out = 17456632 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, type = size, size_out = 4095519 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi, type = size, size_out = 2507776 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, type = size, size_out = 107912 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, size = 1114368, size_out = 107912 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 107920 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, type = size, size_out = 838536 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, size = 1114368, size_out = 838536 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 838544 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, type = size, size_out = 526176 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, size = 1114368, size_out = 526176 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 526192 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, type = size, size_out = 1857 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, size = 1114368, size_out = 1857 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1872 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab, type = size, size_out = 14127746 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, type = size, size_out = 868864 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, size = 1114368, size_out = 868864 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 868880 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi, type = size, size_out = 2517504 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, type = size, size_out = 868864 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, size = 1114368, size_out = 868864 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 868880 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, type = size, size_out = 174440 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, size = 1114368, size_out = 174440 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 174448 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 226 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll, type = size, size_out = 7378792 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = size, size_out = 1463568 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1114368, size_out = 349200 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 349216 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi, type = size, size_out = 27532288 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab, type = size, size_out = 222948913 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, type = size, size_out = 174440 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, size = 1114368, size_out = 174440 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 174448 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 226 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll, type = size, size_out = 7378792 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll, destination_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = size, size_out = 36233052 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, destination_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi, type = size, size_out = 10798080 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi, destination_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = size, size_out = 1992192 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = size, size_out = 1463568 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1114368, size_out = 349200 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 349216 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = size, size_out = 715834 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1114368, size_out = 715834 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 715840 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, type = size, size_out = 1377656 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, size = 1114368, size_out = 263288 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 263296 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab, type = size, size_out = 195011319 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, type = size, size_out = 206316 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, size = 1114368, size_out = 206316 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 206320 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, type = size, size_out = 14660 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, size = 1114368, size_out = 14660 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 14672 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = size, size_out = 47 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, size = 1114368, size_out = 47 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 48 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, type = size, size_out = 14972 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, size = 1114368, size_out = 14972 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 14976 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico, type = size, size_out = 25214 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico, size = 1114368, size_out = 25214 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 25216 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll, type = size, size_out = 48992 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll, size = 1114368, size_out = 48992 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 49008 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll, type = size, size_out = 252256 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll, size = 1114368, size_out = 252256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 252272 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll, type = size, size_out = 49504 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll, size = 1114368, size_out = 49504 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 49520 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll, type = size, size_out = 2944352 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll, destination_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786722 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll, type = size, size_out = 226656 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll, size = 1114368, size_out = 226656 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 226672 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll, type = size, size_out = 52576 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll, size = 1114368, size_out = 52576 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 52592 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll, type = size, size_out = 286560 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll, size = 1114368, size_out = 286560 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 286576 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll, type = size, size_out = 581984 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll, size = 1114368, size_out = 581984 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 582000 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll, type = size, size_out = 16736 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll, size = 1114368, size_out = 16736 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 16752 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll, type = size, size_out = 488800 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll, size = 1114368, size_out = 488800 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 488816 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll, type = size, size_out = 152416 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll, size = 1114368, size_out = 152416 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 152432 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, type = size, size_out = 1276256 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll, size = 1114368, size_out = 161888 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 161904 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll, type = size, size_out = 235872 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll, size = 1114368, size_out = 235872 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 235888 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll, type = size, size_out = 49504 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll, size = 1114368, size_out = 49504 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 49520 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll, type = size, size_out = 94048 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll, size = 1114368, size_out = 94048 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 94064 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll, type = size, size_out = 45920 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll, size = 1114368, size_out = 45920 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 45936 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll, type = size, size_out = 31584 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll, size = 1114368, size_out = 31584 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 31600 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll, type = size, size_out = 252256 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll, size = 1114368, size_out = 252256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 252272 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll, type = size, size_out = 219488 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll, size = 1114368, size_out = 219488 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 219504 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll, type = size, size_out = 652640 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll, size = 1114368, size_out = 652640 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 652656 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll, type = size, size_out = 11616 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll, size = 1114368, size_out = 11616 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 11632 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll, type = size, size_out = 53600 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll, size = 1114368, size_out = 53600 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 53616 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll, type = size, size_out = 275808 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll, size = 1114368, size_out = 275808 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 275824 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll, type = size, size_out = 107872 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll, size = 1114368, size_out = 107872 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 107888 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll, type = size, size_out = 556896 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll, size = 1114368, size_out = 556896 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 556912 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll, type = size, size_out = 17248 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll, size = 1114368, size_out = 17248 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 17264 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll, type = size, size_out = 26976 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll, size = 1114368, size_out = 26976 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 26992 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, type = size, size_out = 1117024 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll, size = 1114368, size_out = 2656 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 2672 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, type = size, size_out = 544768 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf, size = 1114368, size_out = 544768 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 544784 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr, type = size, size_out = 558 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr, size = 1114368, size_out = 558 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 560 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs, type = size, size_out = 1048576 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs, size = 1114368, size_out = 1048576 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1048592 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000, type = size, size_out = 240 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000, size = 1114368, size_out = 240 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000, type = size, size_out = 240 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000, size = 1114368, size_out = 240 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000, type = size, size_out = 240 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000, size = 1114368, size_out = 240 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001, size = 1114368, size_out = 65536 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 65552 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA, type = size, size_out = 4 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA, size = 1114368, size_out = 4 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 16 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000, type = size, size_out = 240 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000, size = 1114368, size_out = 240 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001, size = 1114368, size_out = 65536 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 65552 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000, type = size, size_out = 240 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000, size = 1114368, size_out = 240 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002, size = 1114368, size_out = 65536 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 65552 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb, type = size, size_out = 75563008 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb, destination_filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms, type = size, size_out = 14134 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms, type = size, size_out = 110457 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl, type = size, size_out = 2818048 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl, destination_filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma, type = size, size_out = 112353 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma, type = file_attributes |
|
1 | |
|
For performance reasons, the remaining 3987 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0x354
6503
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab, type = size, size_out = 16972987 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, type = size, size_out = 70361744 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, type = size, size_out = 2865664 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, type = size, size_out = 2522624 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = size, size_out = 875520 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, size = 1114368, size_out = 875520 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 875536 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, type = size, size_out = 13642474 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, type = size, size_out = 21064532 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, type = size, size_out = 2928955 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, type = size, size_out = 50823389 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, type = size, size_out = 2503680 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_CN\messages.json, size = 262144 |
|
2 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, type = size, size_out = 2511872 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, type = size, size_out = 8265165 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, type = size, size_out = 519584 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, size = 1114368, size_out = 519584 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 519600 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, type = size, size_out = 655872 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, size = 1114368, size_out = 655872 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 655888 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi, type = size, size_out = 3702272 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, type = size, size_out = 191872 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, size = 1114368, size_out = 191872 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 191888 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, type = size, size_out = 3584 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, size = 1114368, size_out = 3584 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 3600 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab, type = size, size_out = 28016276 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab, destination_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = size, size_out = 1992192 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = size, size_out = 36233052 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = size, size_out = 715834 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1114368, size_out = 715834 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 715840 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_CN\messages.json, type = size, size_out = 177720283 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, type = size, size_out = 1377656 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, size = 1114368, size_out = 263288 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 263296 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = size, size_out = 1992192 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi, destination_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = size, size_out = 1463568 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1114368, size_out = 349200 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 349216 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = size, size_out = 715834 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1114368, size_out = 715834 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 715840 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab, type = size, size_out = 162970271 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab, destination_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, type = size, size_out = 1377656 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, size = 1114368, size_out = 263288 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 263296 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, type = size, size_out = 174440 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, size = 1114368, size_out = 174440 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 174448 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 226 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll, type = size, size_out = 7378792 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = size, size_out = 36233052 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi, type = size, size_out = 12060672 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi, destination_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786706 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\pagefile.sys, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, type = size, size_out = 479 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, size = 1114368, size_out = 479 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 480 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, type = size, size_out = 12066 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, size = 1114368, size_out = 12066 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 12080 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, type = size, size_out = 222716 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, size = 1114368, size_out = 222716 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 222720 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, type = size, size_out = 499482 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, size = 1114368, size_out = 499482 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 499488 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, type = size, size_out = 4 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, size = 1114368, size_out = 4 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 16 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, type = size, size_out = 873232 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, size = 1114368, size_out = 873232 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 873248 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 306 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = size, size_out = 1053 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, size = 1114368, size_out = 1053 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1056 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, type = size, size_out = 53411 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, type = size, size_out = 29422 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, type = size, size_out = 83560 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, type = size, size_out = 51881 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, type = size, size_out = 67664 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, type = size, size_out = 49227 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, type = size, size_out = 113140 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, type = size, size_out = 53411 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, type = size, size_out = 58312 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, type = size, size_out = 60344 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, type = size, size_out = 57333 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, type = size, size_out = 60533 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, type = size, size_out = 67156 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, type = size, size_out = 63682 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, type = size, size_out = 15616 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll, size = 1114368, size_out = 15616 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 15632 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, type = size, size_out = 254216 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll, size = 1114368, size_out = 254216 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 254224 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, type = size, size_out = 14972 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, size = 1114368, size_out = 14972 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 14976 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, type = size, size_out = 5430 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico, size = 1114368, size_out = 5430 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 5440 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, type = size, size_out = 348974 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico, size = 1114368, size_out = 348974 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 348976 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, type = size, size_out = 25214 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico, size = 1114368, size_out = 25214 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 25216 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\MySite.ico |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico, type = size, size_out = 25214 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico, size = 1114368, size_out = 25214 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 25216 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico, type = size, size_out = 25214 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico, size = 1114368, size_out = 25214 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 25216 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll, type = size, size_out = 14688 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll, size = 1114368, size_out = 14688 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 14704 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll, type = size, size_out = 302944 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll, size = 1114368, size_out = 302944 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 302960 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll, type = size, size_out = 96608 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll, size = 1114368, size_out = 96608 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 96624 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll, type = size, size_out = 45920 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll, size = 1114368, size_out = 45920 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 45936 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll, type = size, size_out = 31584 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll, size = 1114368, size_out = 31584 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 31600 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll, type = size, size_out = 260960 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll, size = 1114368, size_out = 260960 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 260976 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll, type = size, size_out = 681312 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll, size = 1114368, size_out = 681312 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 681328 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll, type = size, size_out = 11104 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll, size = 1114368, size_out = 11104 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 11120 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll, type = size, size_out = 107360 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll, size = 1114368, size_out = 107360 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 107376 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll, type = size, size_out = 371552 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll, size = 1114368, size_out = 371552 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 371568 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll, type = size, size_out = 13152 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll, size = 1114368, size_out = 13152 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 13168 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll, type = size, size_out = 26976 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll, size = 1114368, size_out = 26976 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 26992 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll, type = size, size_out = 154464 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll, size = 1114368, size_out = 154464 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 154480 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, type = size, size_out = 1137504 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll, size = 1114368, size_out = 23136 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 23152 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll, type = size, size_out = 15712 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll, size = 1114368, size_out = 15712 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 15728 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll, type = size, size_out = 14176 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll, size = 1114368, size_out = 14176 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 14192 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll, type = size, size_out = 47456 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll, size = 1114368, size_out = 47456 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 47472 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll, type = size, size_out = 294240 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll, size = 1114368, size_out = 294240 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 294256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll, type = size, size_out = 2827616 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll, destination_filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786722 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll, type = size, size_out = 360288 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll, size = 1114368, size_out = 360288 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 360304 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll, type = size, size_out = 13152 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll, size = 1114368, size_out = 13152 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 13168 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll, type = size, size_out = 473440 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll, size = 1114368, size_out = 473440 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 473456 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll, type = size, size_out = 148320 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll, size = 1114368, size_out = 148320 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 148336 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll, type = size, size_out = 145760 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll, size = 1114368, size_out = 145760 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 145776 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, type = size, size_out = 1206112 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, size = 1114368, size_out = 1114368 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1114368 |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll, size = 1114368, size_out = 91744 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 91760 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll, type = size, size_out = 14688 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll, size = 1114368, size_out = 14688 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 14704 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl, type = size, size_out = 314 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl, size = 1114368, size_out = 314 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr, size = 320 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk, type = size, size_out = 8192 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk, size = 1114368, size_out = 8192 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 8208 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 226 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs, type = size, size_out = 1048576 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs, size = 1114368, size_out = 1048576 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1048592 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000, type = size, size_out = 240 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000, size = 1114368, size_out = 240 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002, size = 1114368, size_out = 65536 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 65552 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002, size = 1114368, size_out = 65536 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 65552 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002, size = 1114368, size_out = 65536 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 65552 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl, type = size, size_out = 131072 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl, size = 1114368, size_out = 131072 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 131088 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-trace.etl |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma, type = size, size_out = 201833 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma, size = 1114368, size_out = 201833 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 201840 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma, type = size, size_out = 139199 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma, size = 1114368, size_out = 139199 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 139200 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma, type = size, size_out = 94457 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma, size = 1114368, size_out = 94457 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 94464 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma, type = size, size_out = 237625 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma, size = 1114368, size_out = 237625 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 237632 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma, type = size, size_out = 94457 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma, size = 1114368, size_out = 94457 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 94464 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma, type = size, size_out = 139197 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma, size = 1114368, size_out = 139197 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 139200 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma, type = size, size_out = 112353 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma, size = 1114368, size_out = 112353 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 112368 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma, type = size, size_out = 94457 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma, size = 1114368, size_out = 94457 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 94464 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk, type = size, size_out = 1282 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk, size = 1114368, size_out = 1282 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1296 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk, type = size, size_out = 1388 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk, size = 1114368, size_out = 1388 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1392 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk, type = size, size_out = 1230 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk, size = 1114368, size_out = 1230 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1232 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk, type = size, size_out = 1266 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk, size = 1114368, size_out = 1266 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1280 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk, type = size, size_out = 1364 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 1114368, size_out = 1364 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1376 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk, type = size, size_out = 1238 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk, size = 1114368, size_out = 1238 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1248 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk, type = size, size_out = 1242 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
|
For performance reasons, the remaining 4346 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0x7b4
8971
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = size, size_out = 129 |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BCD.LOG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2296 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1886 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 1886 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1888 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1608 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 1608 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1616 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2424 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 2424 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 2432 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, type = size, size_out = 1347 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, size = 1114368, size_out = 1347 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1360 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, type = size, size_out = 1458 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, size = 1114368, size_out = 1458 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1472 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, type = size, size_out = 1383 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, size = 1114368, size_out = 1383 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1392 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1852 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 1852 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1856 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, type = size, size_out = 9503 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, size = 1114368, size_out = 9503 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 9504 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, type = size, size_out = 1606 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, size = 1114368, size_out = 1606 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1616 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1988 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 1988 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 2000 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, type = size, size_out = 1452 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, size = 1114368, size_out = 1452 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1456 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1872 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 1872 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1888 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, type = size, size_out = 913 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, size = 1114368, size_out = 913 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 928 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1452 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 1452 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1456 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, type = size, size_out = 596341 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, size = 1114368, size_out = 596341 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 596352 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, type = size, size_out = 5557 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, size = 1114368, size_out = 5557 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 5568 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, size = 1114368, size_out = 819 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 832 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, type = size, size_out = 27195 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, size = 1114368, size_out = 27195 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 27200 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, type = size, size_out = 67190 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, size = 1114368, size_out = 67190 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 67200 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 9352 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 9352 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 9360 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, type = size, size_out = 1349 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, size = 1114368, size_out = 1349 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1360 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, type = size, size_out = 596341 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, size = 1114368, size_out = 596341 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 596352 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2624 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 2624 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 2640 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1114368, size_out = 4274 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 4288 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, type = size, size_out = 129745 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, type = size, size_out = 2913 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, type = size, size_out = 44488 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, type = size, size_out = 28865 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, type = size, size_out = 39379 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, type = size, size_out = 129745 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, type = size, size_out = 1897 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, type = size, size_out = 28865 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, type = size, size_out = 1334 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, type = size, size_out = 1334 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, type = size, size_out = 13427 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, type = size, size_out = 1512 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, type = size, size_out = 11364 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat, type = size, size_out = 4194304 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, type = size, size_out = 4627413 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat, destination_filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, type = size, size_out = 48824 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, size = 1114368, size_out = 49208 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 49216 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, type = size, size_out = 49208 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp, size = 1114368, size_out = 49208 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 49216 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db, type = size, size_out = 16384 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db, size = 1114368, size_out = 16384 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 16400 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db, type = size, size_out = 1048 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db, size = 1114368, size_out = 1048 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1056 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db, type = size, size_out = 1216 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db, size = 1114368, size_out = 1216 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1232 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db, type = size, size_out = 2312 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db, size = 1114368, size_out = 2312 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 2320 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db, type = size, size_out = 1048 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db, size = 1114368, size_out = 1048 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1056 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db, type = size, size_out = 2312 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db, size = 1114368, size_out = 2312 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 2320 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db, type = size, size_out = 193424 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db, size = 1114368, size_out = 193424 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 193440 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db, type = size, size_out = 415096 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db, size = 1114368, size_out = 415096 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 415104 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml, type = size, size_out = 22016 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml, size = 1114368, size_out = 22016 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 22032 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-26.xml |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml, type = size, size_out = 22016 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml, size = 1114368, size_out = 22016 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html, size = 22032 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-latest.xml |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini, type = size, size_out = 612 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini, size = 1114368, size_out = 612 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 624 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini, type = size, size_out = 442 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini, size = 1114368, size_out = 442 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 448 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini, type = size, size_out = 370 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini, size = 1114368, size_out = 370 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 384 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini, type = size, size_out = 1854 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini, size = 1114368, size_out = 1854 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1856 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini, type = size, size_out = 1338 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini, size = 1114368, size_out = 1338 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1344 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, type = size, size_out = 343 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 1114368, size_out = 343 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 352 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini, type = size, size_out = 216 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini, size = 1114368, size_out = 216 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini, type = size, size_out = 1958 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini, size = 1114368, size_out = 1958 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1968 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini, type = size, size_out = 1130 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini, size = 1114368, size_out = 1130 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1136 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini, type = size, size_out = 520 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini, size = 1114368, size_out = 520 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 528 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini, type = size, size_out = 606 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini, size = 1114368, size_out = 606 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 608 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini, type = size, size_out = 174 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini, size = 1114368, size_out = 174 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 176 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin, type = size, size_out = 211808 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin, size = 1114368, size_out = 211808 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 211824 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log, type = size, size_out = 2 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log, size = 1114368, size_out = 2 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, size = 16 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, type = size, size_out = 3372 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png, size = 1114368, size_out = 3372 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 3376 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json, type = size, size_out = 257 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json, size = 1114368, size_out = 257 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json, type = size, size_out = 272 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json, size = 1114368, size_out = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 288 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json, type = size, size_out = 224 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json, size = 1114368, size_out = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json, type = size, size_out = 224 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json, size = 1114368, size_out = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json, type = size, size_out = 224 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json, size = 1114368, size_out = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json, type = size, size_out = 234 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json, size = 1114368, size_out = 234 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json, type = size, size_out = 226 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json, size = 1114368, size_out = 226 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json, type = size, size_out = 260 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json, size = 1114368, size_out = 260 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json, type = size, size_out = 221 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json, size = 1114368, size_out = 221 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json, type = size, size_out = 270 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json, size = 1114368, size_out = 270 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json, type = size, size_out = 237 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json, size = 1114368, size_out = 237 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json, type = size, size_out = 215 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json, size = 1114368, size_out = 215 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, type = size, size_out = 11094 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json, size = 1114368, size_out = 11094 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 11104 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png, type = size, size_out = 143 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png, size = 1114368, size_out = 143 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 144 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html, type = size, size_out = 92 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html, size = 1114368, size_out = 92 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 96 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js, type = size, size_out = 91 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js, size = 1114368, size_out = 91 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 96 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 226 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json, type = size, size_out = 725 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json, size = 1114368, size_out = 725 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 736 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json, type = size, size_out = 260 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json, size = 1114368, size_out = 260 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json, type = size, size_out = 208 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json, size = 1114368, size_out = 208 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json, type = size, size_out = 209 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json, size = 1114368, size_out = 209 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json, type = size, size_out = 206 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json, size = 1114368, size_out = 206 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 208 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json, type = size, size_out = 206 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json, size = 1114368, size_out = 206 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 208 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
|
For performance reasons, the remaining 6520 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0x7ac
9624
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1565 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, type = size, size_out = 1450 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, size = 1114368, size_out = 1450 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1456 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, type = size, size_out = 1450 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, size = 1114368, size_out = 1450 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1456 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, type = size, size_out = 3186 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, size = 1114368, size_out = 3186 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 3200 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 4207 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 4207 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 4208 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, type = size, size_out = 1800 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, size = 1114368, size_out = 1800 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1808 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, type = size, size_out = 1457 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, size = 1114368, size_out = 1457 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1472 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, type = size, size_out = 811 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, size = 1114368, size_out = 811 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 816 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 5884 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 5884 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 5888 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2362 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 2362 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 2368 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, type = size, size_out = 1231 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, size = 1114368, size_out = 1231 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1232 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 6241 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 6241 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 6256 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, size = 1114368, size_out = 819 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 832 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1114368, size_out = 4274 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 4288 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, type = size, size_out = 16852 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, size = 1114368, size_out = 16852 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 16864 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 31094 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 31094 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 31104 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1114368, size_out = 4274 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 4288 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, type = size, size_out = 6421 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, size = 1114368, size_out = 6421 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 6432 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 16683 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 16683 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 16688 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 20577 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1114368, size_out = 20577 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 20592 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, type = size, size_out = 8723 |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, size = 1114368, size_out = 8723 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 8736 |
|
1 | |
| File | Write | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat, type = size, size_out = 4194304 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, type = size, size_out = 262768 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat, size = 1114368, size_out = 262768 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262784 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat, type = size, size_out = 8 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat, size = 1114368, size_out = 8 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 16 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat, type = size, size_out = 16412 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat, size = 1114368, size_out = 16412 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 16416 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat, type = size, size_out = 49180 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat, size = 1114368, size_out = 49180 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 49184 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log, type = size, size_out = 1048576 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log, size = 1114368, size_out = 1048576 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1048592 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 226 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db, type = size, size_out = 194032 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db, size = 1114368, size_out = 194032 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 194048 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 354 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml, type = size, size_out = 28962 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml, size = 1114368, size_out = 28962 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 28976 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report-2017-07-12.xml |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = size, size_out = 16880 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html, size = 1114368, size_out = 16880 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 16896 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, type = size, size_out = 6790 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, size = 1114368, size_out = 6790 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 6800 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log, type = size, size_out = 199386 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log, size = 1114368, size_out = 199386 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 199392 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, type = size, size_out = 89534 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, type = size, size_out = 516424 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, type = size, size_out = 164 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log, size = 1114368, size_out = 164 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 176 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 274 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Mozilla\logs\maintenanceservice-install.log |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, type = size, size_out = 119 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml, size = 1114368, size_out = 119 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 128 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\ProgramData\Sun\Java\Java Update\jaureglist.xml |
|
1 | |
| File | Create | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, type = size, size_out = 169213970 |
|
1 | |
| File | Get Info | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, destination_filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.id[9C354B42-0001].[tedmundboardus@aol.com].phobos |
|
1 | |
| File | Create | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 786690 |
|
1 | |
| File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 262144 |
|
3 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png, type = size, size_out = 160 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png, size = 1114368, size_out = 160 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 176 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html, type = size, size_out = 92 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html, size = 1114368, size_out = 92 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 96 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js, type = size, size_out = 95 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js, size = 1114368, size_out = 95 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 96 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 226 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json, type = size, size_out = 725 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json, size = 1114368, size_out = 725 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 736 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json, type = size, size_out = 274 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json, size = 1114368, size_out = 274 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 288 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json, type = size, size_out = 214 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json, size = 1114368, size_out = 214 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json, type = size, size_out = 215 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json, size = 1114368, size_out = 215 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json, type = size, size_out = 223 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json, size = 1114368, size_out = 223 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json, type = size, size_out = 221 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json, size = 1114368, size_out = 221 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json, type = size, size_out = 214 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json, size = 1114368, size_out = 214 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json, type = size, size_out = 217 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json, size = 1114368, size_out = 217 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json, type = size, size_out = 224 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json, size = 1114368, size_out = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json, type = size, size_out = 222 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json, size = 1114368, size_out = 222 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json, type = size, size_out = 225 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json, size = 1114368, size_out = 225 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json, type = size, size_out = 291 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json, size = 1114368, size_out = 291 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 304 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json, type = size, size_out = 230 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json, size = 1114368, size_out = 230 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json, type = size, size_out = 208 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json, size = 1114368, size_out = 208 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json, type = size, size_out = 221 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json, size = 1114368, size_out = 221 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json, type = size, size_out = 236 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json, size = 1114368, size_out = 236 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json, type = size, size_out = 230 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json, size = 1114368, size_out = 230 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json, type = size, size_out = 228 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json, size = 1114368, size_out = 228 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json, type = size, size_out = 233 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json, size = 1114368, size_out = 233 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json, type = size, size_out = 210 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json, size = 1114368, size_out = 210 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json, type = size, size_out = 221 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json, size = 1114368, size_out = 221 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json, type = size, size_out = 203 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json, size = 1114368, size_out = 203 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 208 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json, type = size, size_out = 217 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json, size = 1114368, size_out = 217 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json, type = size, size_out = 222 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json, size = 1114368, size_out = 222 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json, type = size, size_out = 224 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json, size = 1114368, size_out = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json, type = size, size_out = 222 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json, size = 1114368, size_out = 222 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json, type = size, size_out = 272 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json, size = 1114368, size_out = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 288 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json, type = size, size_out = 227 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json, size = 1114368, size_out = 227 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json, type = size, size_out = 223 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json, size = 1114368, size_out = 223 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json, type = size, size_out = 260 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json, size = 1114368, size_out = 260 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json, type = size, size_out = 209 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json, size = 1114368, size_out = 209 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json, type = size, size_out = 352 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json, size = 1114368, size_out = 352 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 368 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, type = size, size_out = 3213 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, size = 1114368, size_out = 3213 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 3216 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json, type = size, size_out = 246 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json, size = 1114368, size_out = 246 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json, type = size, size_out = 264 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json, size = 1114368, size_out = 264 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json, type = size, size_out = 207 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json, size = 1114368, size_out = 207 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 208 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json, type = size, size_out = 222 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json, size = 1114368, size_out = 222 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json, type = size, size_out = 216 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json, size = 1114368, size_out = 216 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json, type = size, size_out = 217 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json, size = 1114368, size_out = 217 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json, type = size, size_out = 215 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json, size = 1114368, size_out = 215 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json, type = size, size_out = 221 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json, size = 1114368, size_out = 221 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json, type = size, size_out = 279 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json, size = 1114368, size_out = 279 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 288 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json, type = size, size_out = 235 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json, size = 1114368, size_out = 235 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 240 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json, type = size, size_out = 209 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json, size = 1114368, size_out = 209 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json, type = size, size_out = 213 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json, size = 1114368, size_out = 213 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json, type = size, size_out = 221 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json, size = 1114368, size_out = 221 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = size, size_out = 218 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json, size = 1114368, size_out = 218 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 224 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json, type = size, size_out = 11094 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json, size = 1114368, size_out = 11094 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 11104 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 258 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json, type = size, size_out = 1004 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json, size = 1114368, size_out = 1004 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 1008 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json, type = size, size_out = 278 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json, size = 1114368, size_out = 278 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 288 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json, type = size, size_out = 319 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json, size = 1114368, size_out = 319 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 320 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json, type = size, size_out = 265 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json, size = 1114368, size_out = 265 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json, type = size, size_out = 259 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json, size = 1114368, size_out = 259 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json, type = size, size_out = 243 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json, size = 1114368, size_out = 243 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json, type = size, size_out = 256 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json, size = 1114368, size_out = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json, type = size, size_out = 329 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json, size = 1114368, size_out = 329 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 336 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json, type = size, size_out = 249 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json, size = 1114368, size_out = 249 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json, type = size, size_out = 249 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json, size = 1114368, size_out = 249 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json, type = size, size_out = 259 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json, size = 1114368, size_out = 259 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json, type = size, size_out = 259 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json, size = 1114368, size_out = 259 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 272 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json, type = size, size_out = 251 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json, size = 1114368, size_out = 251 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 242 |
|
1 | |
| File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json, type = size, size_out = 243 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json, size = 1114368, size_out = 243 |
|
1 | |
| File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json.id[9C354B42-0001].[tedmundboardus@aol.com].phobos, size = 256 |
|
1 | |
|
For performance reasons, the remaining 7034 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0x318
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x761ad650 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, os_pid = 0x538, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| File | Write | size = 188 |
|
1 |
Process #17: cmd.exe
333
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:58, Reason: Self Terminated |
| Monitor Duration | 00:00:54 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x69c |
| Parent PID | 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
27C
|
Threads
Thread 0x27c
333
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:29:04 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 44023 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 8863272840 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4ab10000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76b26d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Windows\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 63 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x76b223d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76b18290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76b217e0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 47 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\netsh.exe, os_pid = 0x32c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Load | module_name = NTDLL.DLL, base_address = 0x76d30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtQueryInformationProcess, address_out = 0x76d814a0 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\netsh.exe, address = 8796092878848, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 39 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\netsh.exe, os_pid = 0x4fc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\netsh.exe, address = 8796092887040, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 |
Process #18: cmd.exe
586
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:48 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x698 |
| Parent PID | 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
694
|
Threads
Thread 0x694
586
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:29:04 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 44070 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 8867997103 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4ab10000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76b26d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Windows\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 63 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x76b223d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76b18290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76b217e0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\vssadmin.exe, os_pid = 0x328, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Load | module_name = NTDLL.DLL, base_address = 0x76d30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtQueryInformationProcess, address_out = 0x76d814a0 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\vssadmin.exe, address = 8796092841984, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 23 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\System32\Wbem\WMIC.exe, os_pid = 0x218, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\System32\Wbem\WMIC.exe, address = 8796092866560, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 58 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\bcdedit.exe, os_pid = 0xc0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\bcdedit.exe, address = 8796092854272, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 42 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\bcdedit.exe, os_pid = 0x440, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\bcdedit.exe, address = 8796092887040, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1 |
|
1 |
Process #19: netsh.exe
92
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\system32\netsh.exe |
| Command Line | netsh advfirewall set currentprofile state off |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:54, Reason: Self Terminated |
| Monitor Duration | 00:00:50 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x32c |
| Parent PID | 0x69c (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5F0
0x
788
0x
5FC
0x
55C
0x
31C
0x
7C8
|
Threads
Thread 0x5f0
92
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:29:05 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 44382 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 8898858496 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\netsh.exe, base_address = 0x1440000 |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = RASMONTR.DLL, base_address = 0x7fef4310000 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 12:29:05 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 44647 |
|
1 | |
| Module | Load | module_name = MSVCRT.DLL, base_address = 0x7fefee20000 |
|
1 | |
| System | Get Info | type = Operating System |
|
6 | |
| System | Get Cursor | x_out = 806, y_out = 457 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\Windows\system32\MFC42u.dll, size = 260 |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\MFC42LOC.DLL, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\rasmontr.dll, function = InitHelperDll, address_out = 0x7fef432cf70 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NSHWFP.DLL, base_address = 0x7fef3770000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nshwfp.dll, function = InitHelperDll, address_out = 0x7fef37db6d0 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = DHCPCMONITOR.DLL, base_address = 0x7fef43b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\dhcpcmonitor.dll, function = InitHelperDll, address_out = 0x7fef43b1a40 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WSHELPER.DLL, base_address = 0x7fef3ef0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wshelper.dll, function = InitHelperDll, address_out = 0x7fef3ef1720 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NSHHTTP.DLL, base_address = 0x7fef3ee0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nshhttp.dll, function = InitHelperDll, address_out = 0x7fef3ee1c24 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = FWCFG.DLL, base_address = 0x7fef3630000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\fwcfg.dll, function = InitHelperDll, address_out = 0x7fef3632d20 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = AUTHFWCFG.DLL, base_address = 0x7fef35b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\authfwcfg.dll, function = InitHelperDll, address_out = 0x7fef35b5d20 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = IFMON.DLL, base_address = 0x7fef3ec0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ifmon.dll, function = InitHelperDll, address_out = 0x7fef3ec1924 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NETIOHLP.DLL, base_address = 0x7fef3550000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\netiohlp.dll, function = InitHelperDll, address_out = 0x7fef356ce30 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WHHELPER.DLL, base_address = 0x7fef3540000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\whhelper.dll, function = InitHelperDll, address_out = 0x7fef354210c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = HNETMON.DLL, base_address = 0x7fef3530000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\hnetmon.dll, function = InitHelperDll, address_out = 0x7fef35322a4 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = RPCNSH.DLL, base_address = 0x7fef3520000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\rpcnsh.dll, function = InitHelperDll, address_out = 0x7fef3522e88 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = DOT3CFG.DLL, base_address = 0x7fef3500000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\dot3cfg.dll, function = InitHelperDll, address_out = 0x7fef350390c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NAPMONTR.DLL, base_address = 0x7fef33f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\napmontr.dll, function = InitHelperDll, address_out = 0x7fef340048c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NSHIPSEC.DLL, base_address = 0x7fef32f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nshipsec.dll, function = InitHelperDll, address_out = 0x7fef32f6230 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NETTRACE.DLL, base_address = 0x7fef3af0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nettrace.dll, function = InitHelperDll, address_out = 0x7fef3b37360 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WCNNETSH.DLL, base_address = 0x7fef41c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wcnnetsh.dll, function = InitHelperDll, address_out = 0x7fef41c28e4 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = P2PNETSH.DLL, base_address = 0x7fef4190000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\p2pnetsh.dll, function = InitHelperDll, address_out = 0x7fef4195568 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WWANCFG.DLL, base_address = 0x7fef4130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wwancfg.dll, function = InitHelperDll, address_out = 0x7fef41320c8 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WLANCFG.DLL, base_address = 0x7fef3a20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wlancfg.dll, function = InitHelperDll, address_out = 0x7fef3a2613c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = PEERDISTSH.DLL, base_address = 0x7fef3930000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\peerdistsh.dll, function = InitHelperDll, address_out = 0x7fef39ae69c |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76b26d40 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\msvcrt.dll, base_address = 0x7fefee20000 |
|
1 |
Process #20: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:03:29, Reason: Self Terminated |
| Monitor Duration | 00:01:25 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x328 |
| Parent PID | 0x698 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5BC
0x
7F0
0x
334
0x
330
0x
5E4
|
Process #21: vssvc.exe
3
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\windows\system32\vssvc.exe |
| Command Line | C:\Windows\system32\vssvc.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: RPC Server |
| Unmonitor | End Time: 00:03:52, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:47 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5c0 |
| Parent PID | 0x1d8 (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
670
0x
674
0x
574
0x
54C
0x
368
0x
364
0x
7EC
0x
710
0x
64
0x
5CC
|
Threads
Thread 0x54c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:29:06 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 45630 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 9023031380 |
|
1 |
Process #23: netsh.exe
94
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\system32\netsh.exe |
| Command Line | netsh firewall set opmode mode=disable |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:53, Reason: Child Process |
| Unmonitor | End Time: 00:02:58, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4fc |
| Parent PID | 0x69c (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
560
0x
58C
0x
188
0x
214
0x
258
0x
250
|
Threads
Thread 0x560
94
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:29:47 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 86471 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 13825158366 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\netsh.exe, base_address = 0xf10000 |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = RASMONTR.DLL, base_address = 0x7fef83a0000 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 12:29:47 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 86502 |
|
1 | |
| Module | Load | module_name = MSVCRT.DLL, base_address = 0x7fefee20000 |
|
1 | |
| System | Get Info | type = Operating System |
|
6 | |
| System | Get Cursor | x_out = 449, y_out = 294 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\Windows\system32\MFC42u.dll, size = 260 |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\MFC42LOC.DLL, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\rasmontr.dll, function = InitHelperDll, address_out = 0x7fef83bcf70 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NSHWFP.DLL, base_address = 0x7fef3fb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nshwfp.dll, function = InitHelperDll, address_out = 0x7fef401b6d0 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = DHCPCMONITOR.DLL, base_address = 0x7fef82d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\dhcpcmonitor.dll, function = InitHelperDll, address_out = 0x7fef82d1a40 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WSHELPER.DLL, base_address = 0x7fef7ab0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wshelper.dll, function = InitHelperDll, address_out = 0x7fef7ab1720 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NSHHTTP.DLL, base_address = 0x7fef7aa0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nshhttp.dll, function = InitHelperDll, address_out = 0x7fef7aa1c24 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = FWCFG.DLL, base_address = 0x7fef7a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\fwcfg.dll, function = InitHelperDll, address_out = 0x7fef7a72d20 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = AUTHFWCFG.DLL, base_address = 0x7fef4320000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\authfwcfg.dll, function = InitHelperDll, address_out = 0x7fef4325d20 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = IFMON.DLL, base_address = 0x7fef43b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ifmon.dll, function = InitHelperDll, address_out = 0x7fef43b1924 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NETIOHLP.DLL, base_address = 0x7fef3f70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\netiohlp.dll, function = InitHelperDll, address_out = 0x7fef3f8ce30 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WHHELPER.DLL, base_address = 0x7fef4310000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\whhelper.dll, function = InitHelperDll, address_out = 0x7fef431210c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = HNETMON.DLL, base_address = 0x7fef3f60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\hnetmon.dll, function = InitHelperDll, address_out = 0x7fef3f622a4 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = RPCNSH.DLL, base_address = 0x7fef3f50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\rpcnsh.dll, function = InitHelperDll, address_out = 0x7fef3f52e88 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = DOT3CFG.DLL, base_address = 0x7fef3f30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\dot3cfg.dll, function = InitHelperDll, address_out = 0x7fef3f3390c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NAPMONTR.DLL, base_address = 0x7fef3ba0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\napmontr.dll, function = InitHelperDll, address_out = 0x7fef3bb048c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NSHIPSEC.DLL, base_address = 0x7fef3aa0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nshipsec.dll, function = InitHelperDll, address_out = 0x7fef3aa6230 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = NETTRACE.DLL, base_address = 0x7fef3900000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\nettrace.dll, function = InitHelperDll, address_out = 0x7fef3947360 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WCNNETSH.DLL, base_address = 0x7fef38b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wcnnetsh.dll, function = InitHelperDll, address_out = 0x7fef38b28e4 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = P2PNETSH.DLL, base_address = 0x7fef3880000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\p2pnetsh.dll, function = InitHelperDll, address_out = 0x7fef3885568 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WWANCFG.DLL, base_address = 0x7fef3780000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wwancfg.dll, function = InitHelperDll, address_out = 0x7fef37820c8 |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = WLANCFG.DLL, base_address = 0x7fef3620000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wlancfg.dll, function = InitHelperDll, address_out = 0x7fef362613c |
|
1 | |
| Registry | Enumerate Values | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh |
|
1 | |
| Module | Load | module_name = PEERDISTSH.DLL, base_address = 0x7fef3530000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\peerdistsh.dll, function = InitHelperDll, address_out = 0x7fef35ae69c |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76b26d40 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 305 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\msvcrt.dll, base_address = 0x7fefee20000 |
|
1 |
Process #24: wmic.exe
163
0
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\windows\system32\wbem\wmic.exe |
| Command Line | wmic shadowcopy delete |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:28, Reason: Child Process |
| Unmonitor | End Time: 00:03:33, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x218 |
| Parent PID | 0x698 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
628
0x
658
0x
118
0x
3CC
0x
6B4
0x
760
|
Threads
Thread 0x628
163
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:30:21 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 121290 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17322662161 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\wbem\wmic.exe, base_address = 0xff440000 |
|
1 | |
| COM | Create | interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76b26d40 |
|
1 | |
| System | Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging, data = 48 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory, data = 37 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Log File Max Size, data = 54 |
|
1 | |
| COM | Create | interface = 2933BF95-7B36-11D2-B20E-00C04F983E60, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-04-12 22:30:23 (Local Time) |
|
1 |
Process #27: bcdedit.exe
0
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\system32\bcdedit.exe |
| Command Line | bcdedit /set {default} bootstatuspolicy ignoreallfailures |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:32, Reason: Child Process |
| Unmonitor | End Time: 00:03:34, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc0 |
| Parent PID | 0x698 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
498
|
Process #28: mshta.exe
496
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\windows\syswow64\mshta.exe |
| Command Line | "C:\Windows\SysWOW64\mshta.exe" "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\info.hta" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:33, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x380 |
| Parent PID | 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
390
0x
31C
0x
330
0x
760
0x
6B4
0x
628
0x
738
|
Threads
Thread 0x390
468
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:30:24 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 124223 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17813036530 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0xb40000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76194f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76191252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76194208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7619359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x750b004f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x76195651 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32, data = C:\Windows\SysWOW64\mshtml.dll, type = REG_SZ |
|
1 | |
| Module | Load | module_name = C:\Windows\SysWOW64\mshtml.dll, base_address = 0x73f40000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x76195651 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 20, data_out = 20 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS |
|
1 | |
| Module | Get Filename | module_name = C:\Windows\SysWOW64\mshtml.dll, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshtml.dll, size = 260 |
|
1 | |
| File | Open Mapping | filename = #MSHTML#PERF#00000380, desired_access = FILE_MAP_WRITE |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x763d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventWrite, address_out = 0x76f70c59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventRegister, address_out = 0x76f4f6ba |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventUnregister, address_out = 0x76f69241 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0xb40000 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\syswow64\mshta.exe, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = Local\!PrivacIE!SharedMemory!Mutex |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 16 |
|
1 | |
| Module | Map | process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RegisterApplicationRestart, address_out = 0x761bb53c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mshtml.dll, function = RunHTMLApplication, address_out = 0x73f9e710 |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 |
|
1 | |
| COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Window | Create | wndproc_parameter = 0 |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x74720000 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInset, default_value = 11, data_out = 11 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollDelay, default_value = 50, data_out = 50 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 200, data_out = 200 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInterval, default_value = 50, data_out = 50 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
2 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, value_name = NoFileMenu, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSRWLock, address_out = 0x76f48456 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockExclusive, address_out = 0x76f429f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockShared, address_out = 0x76f42560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockExclusive, address_out = 0x76f429ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockShared, address_out = 0x76f425a9 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x76340000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x76343e59 |
|
1 | |
| System | Get Info | - |
|
2 | |
| Module | Get Handle | module_name = EXPLORER.EXE, base_address = 0x0 |
|
1 | |
| Module | Get Handle | module_name = IEXPLORE.EXE, base_address = 0x0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup, value_name = Print_Background |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 7, address_out = 0x76344680 |
|
1 | |
| System | Get Cursor | x_out = 751, y_out = 143 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x76343ed5 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE |
|
1 | |
| COM | Create | interface = 08C0E040-62D1-11D1-9326-0060B067B86E, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD |
|
1 | |
| Window | Create | wndproc_parameter = 4856120 |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 4856120 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Get Info | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME |
|
1 | |
| Module | Load | module_name = ieframe.dll, base_address = 0x71da0000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = ieframe.dll, base_address = 0x71da0000 |
|
1 | |
| System | Get window text | window_text = 4319656 |
|
1 | |
| System | Get Time | type = Ticks, time = 132710 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 132710 |
|
1 | |
| System | Get Time | type = Ticks, time = 132741 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| System | Get Cursor | x_out = 449, y_out = 50 |
|
2 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Cursor | x_out = 449, y_out = 50 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 133599 |
|
1 | |
| System | Get Time | type = Ticks, time = 133630 |
|
5 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x76344642 |
|
1 | |
| Module | Load | module_name = oleaut32.dll, base_address = 0x76340000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VariantClear, address_out = 0x76343eae |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN |
|
1 | |
| System | Get window text | window_text = 4310928 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ExtractIconW, address_out = 0x7555dd1c |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = 13041664 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -20, new_long = 262144 |
|
1 | |
| System | Get Time | type = Ticks, time = 134098 |
|
3 | |
| System | Get Cursor | x_out = 449, y_out = 50 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| COM | Create | interface = BB1A2AE1-A4F9-11CF-8F20-00805F2CD064, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x763d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegisterTraceGuidsA, address_out = 0x76f7848f |
|
2 | |
| Module | Get Filename | module_name = IEXPLORE.EXE, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x763e4907 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features |
|
1 | |
| Environment | Get Environment String | name = JS_PROFILER |
|
1 | |
| COM | Create | interface = 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 134332 |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x754d5708 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT, filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT, process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_ALL_ACCESS |
|
1 | |
| Mutex | Release | - |
|
1 | |
| COM | Create | interface = 3C374A41-BAE4-11CF-BF7D-00AA006946EE, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | - |
|
3 |
Thread 0x330
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = mshtml.dll, base_address = 0x73f40000 |
|
1 | |
| System | Get Time | type = Ticks, time = 131540 |
|
1 | |
| COM | Create | interface = DCCFC164-2B38-11D2-B7EC-00C04F8F5D9A, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadUILanguage, address_out = 0x761bcf14 |
|
1 | |
| System | Get Time | type = Ticks, time = 132678 |
|
1 | |
| System | Get Time | type = Ticks, time = 132694 |
|
1 | |
| System | Get Time | type = Ticks, time = 133396 |
|
1 | |
| System | Get Time | type = Ticks, time = 134332 |
|
1 | |
| System | Get Time | type = Ticks, time = 134348 |
|
3 |
Thread 0x738
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = mshtml.dll, base_address = 0x73f40000 |
|
1 | |
| System | Get Time | type = Ticks, time = 134410 |
|
2 | |
| Module | Load | module_name = ImgUtil.dll, base_address = 0x73d40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\imgutil.dll, function = DecodeImage, address_out = 0x73d421a5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\imgutil.dll, function = CreateDDrawSurfaceOnDIB, address_out = 0x73d429ad |
|
1 | |
| System | Get Time | type = Ticks, time = 135065 |
|
4 | |
| System | Get Time | type = Ticks, time = 135143 |
|
6 |
Process #29: bcdedit.exe
0
0
| Information | Value |
|---|---|
| ID | #29 |
| File Name | c:\windows\system32\bcdedit.exe |
| Command Line | bcdedit /set {default} recoveryenabled no |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:33, Reason: Child Process |
| Unmonitor | End Time: 00:03:34, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x440 |
| Parent PID | 0x698 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
738
|
Process #30: mshta.exe
489
0
| Information | Value |
|---|---|
| ID | #30 |
| File Name | c:\windows\syswow64\mshta.exe |
| Command Line | "C:\Windows\SysWOW64\mshta.exe" "C:\users\public\desktop\info.hta" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:33, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:18 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x774 |
| Parent PID | 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C4
0x
710
0x
5BC
0x
494
0x
658
0x
118
0x
29C
|
Threads
Thread 0xc4
461
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:30:25 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 124488 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17838602811 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0xb40000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76194f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76191252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76194208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7619359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x750b004f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x76195651 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32, data = C:\Windows\SysWOW64\mshtml.dll, type = REG_SZ |
|
1 | |
| Module | Load | module_name = C:\Windows\SysWOW64\mshtml.dll, base_address = 0x73f40000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x76195651 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 20, data_out = 20 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS |
|
1 | |
| Module | Get Filename | module_name = C:\Windows\SysWOW64\mshtml.dll, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshtml.dll, size = 260 |
|
1 | |
| File | Open Mapping | filename = #MSHTML#PERF#00000774, desired_access = FILE_MAP_WRITE |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x763d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventWrite, address_out = 0x76f70c59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventRegister, address_out = 0x76f4f6ba |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventUnregister, address_out = 0x76f69241 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0xb40000 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\syswow64\mshta.exe, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = Local\!PrivacIE!SharedMemory!Mutex |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 16 |
|
1 | |
| Module | Map | process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RegisterApplicationRestart, address_out = 0x761bb53c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mshtml.dll, function = RunHTMLApplication, address_out = 0x73f9e710 |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 |
|
1 | |
| COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Window | Create | wndproc_parameter = 0 |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x74720000 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInset, default_value = 11, data_out = 11 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollDelay, default_value = 50, data_out = 50 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 200, data_out = 200 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInterval, default_value = 50, data_out = 50 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
2 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, value_name = NoFileMenu, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSRWLock, address_out = 0x76f48456 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockExclusive, address_out = 0x76f429f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockShared, address_out = 0x76f42560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockExclusive, address_out = 0x76f429ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockShared, address_out = 0x76f425a9 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x76340000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x76343e59 |
|
1 | |
| System | Get Info | - |
|
2 | |
| Module | Get Handle | module_name = EXPLORER.EXE, base_address = 0x0 |
|
1 | |
| Module | Get Handle | module_name = IEXPLORE.EXE, base_address = 0x0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup, value_name = Print_Background |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 7, address_out = 0x76344680 |
|
1 | |
| System | Get Cursor | x_out = 751, y_out = 143 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x76343ed5 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE |
|
1 | |
| COM | Create | interface = 08C0E040-62D1-11D1-9326-0060B067B86E, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD |
|
1 | |
| Window | Create | wndproc_parameter = 5513080 |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 5513080 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Module | Load | module_name = OLEACC.DLL, base_address = 0x73eb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleacc.dll, function = LresultFromObject, address_out = 0x73eb2663 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Get Info | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME |
|
1 | |
| Module | Load | module_name = ieframe.dll, base_address = 0x71da0000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = ieframe.dll, base_address = 0x71da0000 |
|
1 | |
| System | Get window text | window_text = 1369472 |
|
1 | |
| System | Get Time | type = Ticks, time = 132710 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 132710 |
|
1 | |
| System | Get Time | type = Ticks, time = 132741 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| System | Get Cursor | x_out = 449, y_out = 50 |
|
2 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Cursor | x_out = 449, y_out = 50 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 133583 |
|
1 | |
| System | Get Time | type = Ticks, time = 133614 |
|
5 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x76344642 |
|
1 | |
| Module | Load | module_name = oleaut32.dll, base_address = 0x76340000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VariantClear, address_out = 0x76343eae |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN |
|
1 | |
| System | Get window text | window_text = 1360744 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ExtractIconW, address_out = 0x7555dd1c |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = 13041664 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -20, new_long = 262144 |
|
1 | |
| System | Get Time | type = Ticks, time = 134098 |
|
3 | |
| System | Get Cursor | x_out = 449, y_out = 50 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| COM | Create | interface = BB1A2AE1-A4F9-11CF-8F20-00805F2CD064, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x763d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegisterTraceGuidsA, address_out = 0x76f7848f |
|
2 | |
| Module | Get Filename | module_name = IEXPLORE.EXE, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x763e4907 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features |
|
1 | |
| Environment | Get Environment String | name = JS_PROFILER |
|
1 | |
| COM | Create | interface = 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 134301 |
|
1 | |
| System | Get Time | type = Ticks, time = 134316 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG |
|
1 | |
| COM | Create | interface = 3C374A41-BAE4-11CF-BF7D-00AA006946EE, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | - |
|
3 |
Thread 0x5bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = mshtml.dll, base_address = 0x73f40000 |
|
1 | |
| System | Get Time | type = Ticks, time = 131555 |
|
1 | |
| COM | Create | interface = DCCFC164-2B38-11D2-B7EC-00C04F8F5D9A, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadUILanguage, address_out = 0x761bcf14 |
|
1 | |
| System | Get Time | type = Ticks, time = 132694 |
|
2 | |
| System | Get Time | type = Ticks, time = 133380 |
|
1 | |
| System | Get Time | type = Ticks, time = 134519 |
|
4 |
Thread 0x29c
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = mshtml.dll, base_address = 0x73f40000 |
|
1 | |
| System | Get Time | type = Ticks, time = 134550 |
|
2 | |
| Module | Load | module_name = ImgUtil.dll, base_address = 0x73d40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\imgutil.dll, function = DecodeImage, address_out = 0x73d421a5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\imgutil.dll, function = CreateDDrawSurfaceOnDIB, address_out = 0x73d429ad |
|
1 | |
| System | Get Time | type = Ticks, time = 135050 |
|
4 | |
| System | Get Time | type = Ticks, time = 135112 |
|
6 |
Process #31: mshta.exe
487
0
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\windows\syswow64\mshta.exe |
| Command Line | "C:\Windows\SysWOW64\mshta.exe" "C:\info.hta" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:42, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x124 |
| Parent PID | 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
36C
0x
6F0
0x
354
0x
684
0x
630
0x
3CC
0x
498
|
Threads
Thread 0x36c
459
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:30:30 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 129714 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 18665518959 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0xb40000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76194f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76191252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76194208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7619359f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x750b004f |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x750a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EncodePointer, address_out = 0x76f50fcb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = DecodePointer, address_out = 0x76f49d35 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x76195651 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32, data = C:\Windows\SysWOW64\mshtml.dll, type = REG_SZ |
|
1 | |
| Module | Load | module_name = C:\Windows\SysWOW64\mshtml.dll, base_address = 0x73f40000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x76195651 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 20, data_out = 20 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS |
|
1 | |
| Module | Get Filename | module_name = C:\Windows\SysWOW64\mshtml.dll, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshtml.dll, size = 260 |
|
1 | |
| File | Open Mapping | filename = #MSHTML#PERF#00000124, desired_access = FILE_MAP_WRITE |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x763d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventWrite, address_out = 0x76f70c59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventRegister, address_out = 0x76f4f6ba |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventUnregister, address_out = 0x76f69241 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0xb40000 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\syswow64\mshta.exe, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = Local\!PrivacIE!SharedMemory!Mutex |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 16 |
|
1 | |
| Module | Map | process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RegisterApplicationRestart, address_out = 0x761bb53c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mshtml.dll, function = RunHTMLApplication, address_out = 0x73f9e710 |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1950848640 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 |
|
1 | |
| COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Window | Create | wndproc_parameter = 0 |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x74720000 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInset, default_value = 11, data_out = 11 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollDelay, default_value = 50, data_out = 50 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 200, data_out = 200 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInterval, default_value = 50, data_out = 50 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
2 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, value_name = NoFileMenu, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSRWLock, address_out = 0x76f48456 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockExclusive, address_out = 0x76f429f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockShared, address_out = 0x76f42560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockExclusive, address_out = 0x76f429ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockShared, address_out = 0x76f425a9 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x76340000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address_out = 0x76343e59 |
|
1 | |
| System | Get Info | - |
|
2 | |
| Module | Get Handle | module_name = EXPLORER.EXE, base_address = 0x0 |
|
1 | |
| Module | Get Handle | module_name = IEXPLORE.EXE, base_address = 0x0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup, value_name = Print_Background |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 7, address_out = 0x76344680 |
|
1 | |
| System | Get Cursor | x_out = 751, y_out = 143 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 8, address_out = 0x76343ed5 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE |
|
1 | |
| COM | Create | interface = 08C0E040-62D1-11D1-9326-0060B067B86E, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD |
|
1 | |
| Window | Create | wndproc_parameter = 6035024 |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 6035024 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Get Info | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME |
|
1 | |
| Module | Load | module_name = ieframe.dll, base_address = 0x71da0000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = ieframe.dll, base_address = 0x71da0000 |
|
1 | |
| System | Get window text | window_text = 2025456 |
|
1 | |
| System | Get Time | type = Ticks, time = 132710 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 132710 |
|
1 | |
| System | Get Time | type = Ticks, time = 132741 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| System | Get Cursor | x_out = 449, y_out = 50 |
|
2 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Cursor | x_out = 449, y_out = 50 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 133599 |
|
1 | |
| System | Get Time | type = Ticks, time = 133614 |
|
5 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 2, address_out = 0x76344642 |
|
1 | |
| Module | Load | module_name = oleaut32.dll, base_address = 0x76340000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VariantClear, address_out = 0x76343eae |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN |
|
1 | |
| System | Get window text | window_text = 2016728 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ExtractIconW, address_out = 0x7555dd1c |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = 13041664 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -20, new_long = 262144 |
|
1 | |
| System | Get Time | type = Ticks, time = 134098 |
|
3 | |
| System | Get Cursor | x_out = 449, y_out = 50 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| COM | Create | interface = BB1A2AE1-A4F9-11CF-8F20-00805F2CD064, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x763d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegisterTraceGuidsA, address_out = 0x76f7848f |
|
2 | |
| Module | Get Filename | module_name = IEXPLORE.EXE, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x763e4907 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features |
|
1 | |
| Environment | Get Environment String | name = JS_PROFILER |
|
1 | |
| COM | Create | interface = 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 134285 |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG |
|
1 | |
| COM | Create | interface = 3C374A41-BAE4-11CF-BF7D-00AA006946EE, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | - |
|
3 |
Thread 0x354
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = mshtml.dll, base_address = 0x73f40000 |
|
1 | |
| System | Get Time | type = Ticks, time = 131540 |
|
1 | |
| COM | Create | interface = DCCFC164-2B38-11D2-B7EC-00C04F8F5D9A, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x76180000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadUILanguage, address_out = 0x761bcf14 |
|
1 | |
| System | Get Time | type = Ticks, time = 132678 |
|
1 | |
| System | Get Time | type = Ticks, time = 132710 |
|
1 | |
| System | Get Time | type = Ticks, time = 133380 |
|
1 | |
| System | Get Time | type = Ticks, time = 134301 |
|
4 |
Thread 0x498
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = mshtml.dll, base_address = 0x73f40000 |
|
1 | |
| System | Get Time | type = Ticks, time = 134410 |
|
1 | |
| System | Get Time | type = Ticks, time = 134426 |
|
1 | |
| Module | Load | module_name = ImgUtil.dll, base_address = 0x73d40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\imgutil.dll, function = DecodeImage, address_out = 0x73d421a5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\imgutil.dll, function = CreateDDrawSurfaceOnDIB, address_out = 0x73d429ad |
|
1 | |
| System | Get Time | type = Ticks, time = 135050 |
|
4 | |
| System | Get Time | type = Ticks, time = 135143 |
|
3 | |
| System | Get Time | type = Ticks, time = 135159 |
|
3 |
Process #32: cmd.exe
586
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:42, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x538 |
| Parent PID | 0x5e8 (c:\programdata\microsoft\windows\start menu\programs\startup\exec.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5DC
|
Threads
Thread 0x5dc
586
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:30:30 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 130026 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 18696536533 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4ab10000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76b26d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Windows\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 63 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x76b223d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76b18290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76b217e0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\vssadmin.exe, os_pid = 0x6e8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Load | module_name = NTDLL.DLL, base_address = 0x76d30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtQueryInformationProcess, address_out = 0x76d814a0 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\vssadmin.exe, address = 8796092874752, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 23 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\System32\Wbem\WMIC.exe, os_pid = 0xcc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\System32\Wbem\WMIC.exe, address = 8796092850176, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 58 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\bcdedit.exe, os_pid = 0xec, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\bcdedit.exe, address = 8796092870656, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 42 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\bcdedit.exe, os_pid = 0x7f0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\bcdedit.exe, address = 8796092850176, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1 |
|
1 |
Process #33: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #33 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:42, Reason: Child Process |
| Unmonitor | End Time: 00:03:43, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6e8 |
| Parent PID | 0x538 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
434
0x
7AC
0x
7B4
0x
7D4
0x
158
|
Process #34: wmic.exe
163
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\system32\wbem\wmic.exe |
| Command Line | wmic shadowcopy delete |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:42, Reason: Child Process |
| Unmonitor | End Time: 00:03:44, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcc |
| Parent PID | 0x538 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D0
0x
D4
0x
D8
0x
DC
0x
E0
0x
E4
|
Threads
Thread 0xd0
163
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-04-12 12:30:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 130307 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 18725477102 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\wbem\wmic.exe, base_address = 0xff0e0000 |
|
1 | |
| COM | Create | interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\kernel32.dll, base_address = 0x76b10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76b26d40 |
|
1 | |
| System | Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging, data = 48 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory, data = 37 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Log File Max Size, data = 54 |
|
1 | |
| COM | Create | interface = 2933BF95-7B36-11D2-B20E-00C04F983E60, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-04-12 22:30:31 (Local Time) |
|
1 |
Process #35: bcdedit.exe
0
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\system32\bcdedit.exe |
| Command Line | bcdedit /set {default} bootstatuspolicy ignoreallfailures |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:43, Reason: Child Process |
| Unmonitor | End Time: 00:03:44, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xec |
| Parent PID | 0x538 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
500
|
Process #36: bcdedit.exe
0
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\system32\bcdedit.exe |
| Command Line | bcdedit /set {default} recoveryenabled no |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:43, Reason: Child Process |
| Unmonitor | End Time: 00:03:44, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7f0 |
| Parent PID | 0x538 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5E4
|
