3bbac557...b989 | Grouped Behavior
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Wiper

Monitored Processes

Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xa78 Analysis Target High (Elevated) absonkaine.exe "C:\Users\FD1HVy\Desktop\Absonkaine.exe" -
#2 0xd38 Child Process Medium absonkaine.exe "C:\Users\FD1HVy\Desktop\Absonkaine.exe" #1
#3 0xea0 Child Process High (Elevated) cmd.exe "C:\WINDOWS\system32\cmd.exe" #1
#4 0xd48 Child Process High (Elevated) cmd.exe "C:\WINDOWS\system32\cmd.exe" #1
#7 0x42c Child Process High (Elevated) netsh.exe netsh advfirewall set currentprofile state off #3
#8 0xf34 Child Process High (Elevated) vssadmin.exe vssadmin delete shadows /all /quiet #4
#9 0xe40 Autostart Medium absonkaine.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe" -
#10 0xe60 Autostart Medium absonkaine.exe "C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe" -
#12 0xf9c Child Process High (Elevated) absonkaine.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe" #9
#13 0xfb4 Child Process High (Elevated) cmd.exe "C:\WINDOWS\system32\cmd.exe" #12
#14 0xfbc Child Process High (Elevated) cmd.exe "C:\WINDOWS\system32\cmd.exe" #12
#17 0xffc Child Process High (Elevated) netsh.exe netsh advfirewall set currentprofile state off #14
#18 0xc44 Child Process High (Elevated) vssadmin.exe vssadmin delete shadows /all /quiet #13
#19 0x9ec Child Process High (Elevated) wmic.exe wmic shadowcopy delete #13
#22 0x778 Child Process High (Elevated) bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailures #13
#23 0xcfc Child Process High (Elevated) bcdedit.exe bcdedit /set {default} recoveryenabled no #13
#24 0xe04 Child Process High (Elevated) netsh.exe netsh firewall set opmode mode=disable #14

Behavior Information - Grouped by Category

Process #1: absonkaine.exe
2109 0
»
Information Value
ID #1
File Name c:\users\fd1hvy\desktop\absonkaine.exe
Command Line "C:\Users\FD1HVy\Desktop\Absonkaine.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:37, Reason: Analysis Target
Unmonitor End Time: 00:04:47, Reason: Terminated by Timeout
Monitor Duration 00:04:10
OS Process Information
»
Information Value
PID 0xa78
Parent PID 0x860 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x AEC
0x 86C
0x FB8
0x D18
0x EE4
0x D94
0x 344
0x D74
0x EB4
0x 39C
0x 47C
0x 468
0x 4A0
0x 770
0x 9D8
0x 36C
0x 4E4
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\FD1HVy\Desktop\Absonkaine.exe 71.00 KB MD5: 62d3580c88222c59a276a2df8445758c
SHA1: 8a707b397796972317bcaa55bdef23b305824840
SHA256: 3bbac55728d38c1bcaac6b6fece73fb7a66ac3a0a71093bcacd4577c351db989
SSDeep: 1536:RFOPbkyoTwtPto0Rl0DsN9/zLec5oGFACZrqdKQNYDwOozDmAU:RYPxAwtPtoe/zLaGmCZrqcQSsznU
False
\\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.31 KB MD5: 34321098043c2770828d05c31dcdc4d5
SHA1: 8185302bf1c7ac6027ccac91e0c3be90d6dc4c11
SHA256: 6ec6d1e6f118a51e70362fbb04fa197fc65fc1a239f908c324d22757140428d8
SSDeep: 6:vTvuV8GYNEqCd0NrLDXtDeR/y9R2/082sTlbnRc75a2E:vTmVLYNEq3rv9DesR2MWlWJE
False
\\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.41 KB MD5: d9605810f865b63fd121b9a9da4ee592
SHA1: 2dff07a506b5a0bbf2d68b1033d3a35f2b5ce7c1
SHA256: dd2097131434fc1c8ed8d2b7ac8ff5e368e2ccf8e9610584623feb523d7a144f
SSDeep: 12:Qf4vABxYs3SH//CyZlVa5qWesR2MWlWZE:QQvWU3cheG0WZE
False
\\?\C:\588bce7c90097ed212\1033\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.36 KB MD5: 45e1acc072ac0ddbcc997f22f1b976a3
SHA1: 375f9e565e7e45cfb5567a51d9c6c555c20d02a5
SHA256: 27498fe3ddab1a9623f5defb6483564923b5ed736e51009170d0ec6ef085deb9
SSDeep: 96:RqEbmC8vTgnAI0WIyUB3ZoUf54ZLAXumVcQj:sSBcTDI0/vLf5ruPQj
False
\\?\C:\588bce7c90097ed212\1043\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 19.10 KB MD5: c9b4f1421a8cda4538cbff20516e8017
SHA1: b63124eaa4f453aaa395e096239e99864274963e
SHA256: 19dccbd3ad6ad6bf4d72d54c454a6d2f379285e60217c9109406269d1b8c601c
SSDeep: 384:19EX8i7jWMwxRciN7HJA4Af+YStKUJyXs/UqxHRzD9:YXZ/rLA7HanfUtKU5xxzJ
False
\\?\C:\588bce7c90097ed212\1046\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.10 KB MD5: 1c9887d0df9c16ff371491ffc058ffa3
SHA1: fee4511b4a56c2de84d8796748d92b30609b78f9
SHA256: 4011395c64501f8c4cd89eeaffa6a952b9bf9d6f3a0e027747b2438de750234e
SSDeep: 384:HdWas/tJ/BiZUJF3tdyGn9el1AzymE90DKpruCYQg+995mCaM1PBB9:Hzs//+UJ0C7zymE9a6NYQg+93m3ePBT
False
\\?\C:\588bce7c90097ed212\3082\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.60 KB MD5: 25d1e717613d553befed97dc0d4cefee
SHA1: fc0a9ba7eed5699420eb3d5dbb11aa88ac2e1a0e
SHA256: a897dabfd0b7f8ecf8e97f5c1e5754ab85e49bf81befb9eee516614b3b9e424b
SSDeep: 384:bBXGBp/RIdmN1QI2Owp4xjkLweNdboApjF/vjWfYd0mFHI9:beXSS2OwpAjYRLbTx/1mCG
False
\\?\C:\588bce7c90097ed212\1053\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.02 KB MD5: 4c05f03be6b27640373344030319a68c
SHA1: 582aa681c58d6183c76d3267af0917edbbdba063
SHA256: 08be8f8d74c02bbf01e3ff403b956a9c6056aa59fe506de7a09691da41b56606
SSDeep: 96:ckhuVX5bFpUOhK7mr42GGk5VYsQyCb6h3R2tj:c2upPUOCu42urM7ehEtj
False
\\?\C:\588bce7c90097ed212\3082\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.24 KB MD5: bfd0023252240336c184d5aca664edde
SHA1: c6c7ae939336f3c653ebc543620b8e0fa68f34a6
SHA256: 7a9b74c1a56648cf5bb787ef2178b7c2b69b5d5ba31d7e75e0260036cf8f2863
SSDeep: 96:6/NCDxFhbEAuF8mLVf8MivQQBTz/FWOsIj:6/NCD7hbEAuF8mLVduT5eIj
False
\\?\C:\588bce7c90097ed212\netfx_Core_x64.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.56 MB MD5: ba49ba4d97a58091e88108b131655439
SHA1: f6f15177c52bc436976acac24a34b060d026b280
SHA256: ee9125f5f68814d792178ab68d278cecb6ff7ac95cd566f9e70a487bcd773ed8
SSDeep: 49152:ncxisfQxoMLInBCVUELNx+Jk4InUZbS5h:ncxiSnMWJInUAz
False
\\?\C:\588bce7c90097ed212\Extended\UiInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 38.38 KB MD5: b8fd5392d0d9f39a1134cb5fbec5bc19
SHA1: 775a438f6218a1f51f42792000307cf27e27e5a8
SHA256: 56610fa91f08c54a0d76cfa4b51e8a27f9977b70a88134adebbb20dc64fb5e58
SSDeep: 768:1RcYdqpXD1qoDlE1B4MeMmrWZtcMF60yDmfpvUOj8ycHPMX:1RcYdSXDooDlE78M86tB6rEpUHycHPw
False
\\?\C:\588bce7c90097ed212\SetupUi.xsd.id[B4197730-0001].[absonkaine@aol.com].phoenix 29.66 KB MD5: 89c8c8b034e3f66c49c1bf4d2fcaa5a3
SHA1: 093d1690021e182d52239b40c32e76d22595a192
SHA256: b5f2ff91cb073a169edd36cc8f2ed90bcb33797751842dfda14276804979a7a4
SSDeep: 768:yJhsC2v1EiU1Wz46LfyOn2sw9IpvjJTX3MB/AJpvWR:ynshv1ZU12fvzLpvjxXyAJMR
False
\\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id[B4197730-0001].[absonkaine@aol.com].phoenix 6.16 KB MD5: bf580b4e7692540763c78201f6e00355
SHA1: 3ddf539deaea31f9812f52b6bb7513097cb3db38
SHA256: d662cb3d44610c0a61fc4443db622b36d3906e98c0813bd1c175761e01e61ea0
SSDeep: 192:+DzaFGKABgEwYsiSlwLHpoguNyxCjqUlE:xGKH7XwbmvyxC2N
False
\\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.85 KB MD5: 3a2ee2855e8c3a277dde615bbea16f11
SHA1: 571089d012faf734ba450c4522b06662bb306756
SHA256: 240bfe28afe18c25021919b6269447e1c35979c7e8531087d2ea12bd1dd0c085
SSDeep: 24:EmVeUqhZoPAieCGYOg7Jg1ByVw+AKczQXE:EoqhWHGYOiC3+ALEXE
False
\\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-0001].[absonkaine@aol.com].phoenix 41.97 KB MD5: dda00c4cdc58c3ae592ab65e988baaac
SHA1: 3101087392e97042a5aa001e60d461998ff90417
SHA256: 87e1542d5c4b0aa6b37dece8da3e756e0fa8a41b64b401df09fc8623bc2e23b9
SSDeep: 768:rd/cjtz1hwjWDDHV44l2zEAEGOlkSb84C8vQLcNa5L66VjoOxdZvgre:riZwjkD144l2zDkJzvPNMPn
False
\\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 140.96 KB MD5: 7ad749beb45be0b7eb6430a00b9e213f
SHA1: c845bfa952e1d81983534a6ae85cc5478b98448a
SHA256: 17fb0cb48c58eb13b368ebadeba501091bd47b3116b4ecc64eb3766267a63539
SSDeep: 3072:kBS46uXdYubMxthz4/LuHAH4htB0jaEpZPLuSKrFp7sHlbd7ssE6UXJ9bxRKqCWx:3SddK1j6LPLuXrFps5dwLRIVA
False
\\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.38 KB MD5: 87bfce9c5c47dd4f248c11935ba24106
SHA1: 3ba34e6b4bef36c2aae8c7f0d73e53932f18ee1e
SHA256: bb41fc2628799d36b108bc3af2e7fe131628f8337623f5ed2f70cd516d173d0a
SSDeep: 6:+Bzomvt1d7IFYd/PRiiDz0yU2D2ZyxLm7kyC1eR/y9R2/082sTlbnRc75ac/luNE:FQxDBiiDfrJm7kV1esR2MWlWvv
False
\\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.38 KB MD5: 09b311e7a6fa9a170887cdf39d3b29c2
SHA1: e04c5f9643c98da0aefe0d11210dde9a3bb260b6
SHA256: 5e9ebc8c27c493ba187dcfc47b25f898748085dc2f8922994759aa30715e0b96
SSDeep: 6:cXHTsOF5ZVcGR6BpO/nivrKR8maobpjxVV+uJyMEjeR/y9R2/082sTlbnRc75acB:esOF5R8IivrmZjV+GfEjesR2MWlWvv
False
\\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.56 KB MD5: e0345a3539b58a9a55af607d9b0d014e
SHA1: 072c6619a8dc0d56d5a6a294fd0120e42bf26538
SHA256: 2b17723161b6d09cb43b746f9c1589b936db24634b0c51c3aade676b36b00f55
SSDeep: 12:3IksAJYGiiT+8meNn7mHO+x8/dUvdco802kj7ZczgmesQ/A8E:4kBJYGiiT+eEO+Zv6pKczQHE
False
\\?\C:\588bce7c90097ed212\1025\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 7.63 KB MD5: 37a268a44cab110bbf60c57116bffdf5
SHA1: f8dc6273bb5b17b71be9d4faca94ecbe1de46bdb
SHA256: 3a6b94d8d6914931c460a6c9ac62ee3f2aa77b53210a73c67f5d8ff3ec698751
SSDeep: 192:YXztjj4d+bdmhihCBIfOjIOdxYvx8y0mYSCd3So+j:YJvRVh/fCxi8/F3W
False
\\?\C:\$GetCurrent\SafeOS\preoobe.cmd.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.31 KB MD5: ac04d780d5737a6e90d4ccaef4ffb7db
SHA1: dc569f30c9b7e6393f14c0a3c4c21eec4b728515
SHA256: c82cc2783a8de60317101ee60314bae66ee3024148531582bf13b5e2f6ac7dac
SSDeep: 6:gpsCADKIqbdLykuXmxFGAdCn5M1OZ1+/6c+QC2kj7l7czBGwBVuAeJGQ/QmGE:gVXIqbtshiCn5cE1u6cY2kj7Zczgmes0
False
\\?\C:\588bce7c90097ed212\1025\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 17.10 KB MD5: 0d342804af48ea8e1b96a2df655e2721
SHA1: 9fb83e1b60421fb5c4a7d5aabf8fd82a04616ce5
SHA256: 6b7c210f085e2c68f635a11475d3d3cfafcfe8c3c933869d867569d82286261d
SSDeep: 384:CdpqnR2wNsmMdsYIDXcZ8txY0mOtmZ0dCm+SDgSwhOxR6xc9:CpgJN6sYIDXPaeU+9YGWq
False
\\?\C:\588bce7c90097ed212\1025\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 72.74 KB MD5: f1447432d680792802ca181195869800
SHA1: 258d55bd9c9d929b7a702a6767c08cd96635146d
SHA256: f553ea635a6020325b1ecb5398709f7347c8ce9d32b9f9d1586e557071ee9aab
SSDeep: 1536:p0PLxTJXOWTj7tmpkNfJmXtejeUw6VMJByxIUX1x1drw+Ge0d6I/:CTxTJ+WP7t1HmXtejeUwVkU3e/I/
False
\\?\C:\588bce7c90097ed212\1028\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 14.10 KB MD5: 69410a4fdc8269e7f6dd7772ce7a102e
SHA1: 90a87c336b084ea9da94777223a27230c47a4a78
SHA256: d46bb44b6c21adb686f830d61f7561538be5a6e644ee5092ac9e9912ccb96da0
SSDeep: 384:XR79mk6udoqKOPUjH+my6/uZXIksrGkawdO3cC6lhjTobRx9:h79a7OrZIkZBcRDjTSh
False
\\?\C:\588bce7c90097ed212\1028\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 6.41 KB MD5: abc034537e2ee7781f86ce4a10d4b230
SHA1: 4cde28238864c3f31b767a8c135a3aed667baadd
SHA256: 3b8b5a47a4300c7a164e940383e96faecf26617c450fcf1152cace457d4bfd67
SSDeep: 96:O6WKOCNZ4/tte9PJbzMDcc1tCTrTU8LWOcRNgzUrh7/mSKahts/OmkhSeh/phr3j:O2Mu9PJocg0I6WO66U97/eUugEyh3j
False
\\?\C:\588bce7c90097ed212\1028\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 59.66 KB MD5: fb178831f461cab5624638ffd387a62c
SHA1: d5d6054ee12f820eeb0fe62644fb305bcb767699
SHA256: eef4e884e517fdca795e3937bd9bf59ddcaae87534d38d85a298952abad8702a
SSDeep: 1536:+Cdreimy3lfgamQTDk35xSB9jfWnVktiXj:+CdnmafggTDkJxWf+j
False
\\?\C:\588bce7c90097ed212\1029\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.10 KB MD5: 3a782942f068b808549fd115458a8213
SHA1: eadc7d32ee36430ff8ee55d8fa039028d6fe0047
SHA256: a01464d226736baa5487a6edeb0708c2ab36918238f58760966b4ba9fc387b05
SSDeep: 384:222NbHS+40zS9EXjphbgs8piEcShHcEYK34zXw/QLNcwN9:+FHS+4SXfbj+cShHcEYK34zeQ57f
False
\\?\C:\588bce7c90097ed212\1030\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.10 KB MD5: 32e709d075c4a20575c124cd725f0043
SHA1: a181d69d602e6979daea23d683bec587b9b7f7e3
SHA256: 99f8b1fb3c8c5f7b70001585172f0b2ad4a31bdccbc699000de01c7dc5464b3b
SSDeep: 384:vgl5kDYbo4WnESPIW+4eN3wUW9pxZFSW5AKBEcdjTZIcuNYGAXONKL0Q9:P4oEwWSUKZpHEW9PuCGnKL0u
False
\\?\C:\588bce7c90097ed212\1029\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 79.33 KB MD5: 7f7cc7b1805b0be61ed26cdfba2380ad
SHA1: cde2d400caef70b4fb72f6b64094bb3533c4fd69
SHA256: b40fd647eb1a431db889ab8e74538f47b2f2987cf0582697ef5e0b801c46f081
SSDeep: 1536:D3e6b5Rsu2Q+y/SXCXR1zhlIpnmZG8QmarEeyPg9I5rRwMaoKBmLn+VZaEXNun:ze6rsUB/esR11lIVdWKzyPyUwHJBmDQG
False
\\?\C:\588bce7c90097ed212\1029\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.88 KB MD5: 51cc569a0445fa87014c66f3c68860c3
SHA1: 04a476ffd5171a7a6631887f79931656be4db571
SHA256: 451a062950da1de0f9433f3f3d715cac4da83c8b4a3cb8d70e4133747c4b0da9
SSDeep: 96:f/qs9hyggiUu7H9ZvEuy8NSsRml9OIQKj:qs6zzSLEuyWSGmlxQKj
False
\\?\C:\588bce7c90097ed212\1030\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.49 KB MD5: ba77dc1d309e659df4275e004780cb48
SHA1: 5ac85106e46b83f9173f04328defa2d1af436f2f
SHA256: b969f163eaaca6532c4833bfa78ec1962f7b64eb22d96a76402730b4b19983b8
SSDeep: 96:aEDzyHpdLHx3OjKYwHKkBn2E+CkZKg776j:aayHprr/K621zKgij
False
\\?\C:\588bce7c90097ed212\1030\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 76.19 KB MD5: 8d90a96a149ca876c09c7b821756074e
SHA1: 596a382c8b6283780d2103edcf2dce910226de8a
SHA256: 8ad8b4e1a3a0d04e906712c0629113562aa291423be40848d1962ecb0f3d672e
SSDeep: 1536:ke9A2VB9x0z8+hOnVGU6XiciJeFrY+hi4Q9d+yW8OFIm4Ysk12iBB0MfDHHqyCRm:kAA2Yz8lmXihJeBi5IGOFImlsAB/fDKI
False
\\?\C:\588bce7c90097ed212\1031\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.60 KB MD5: 35db53e08f92d7f4a196cbe025da6e8b
SHA1: 5330d0449bfbc46ea69fa2e47c99f40140db55c4
SHA256: 6edec9f228675598fd0e04a428caa6fd862d7807c928b25ec754fd700a2da9e4
SSDeep: 384:xxwtnxedQosGN1S7D7xQbXTc8ZRAD3YYBn8l18oSuOA265KoXIDi9:xxwtxedQoLN1geU8Zq5UAuOA261Ks
False
\\?\C:\588bce7c90097ed212\1032\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 19.10 KB MD5: 7dbe29ed7f00d3ceb1ea8f4935124540
SHA1: 36fc71b3acfc774a10cd58feb08af5f97c25c77e
SHA256: 933d56e60e779543dbe6469416da43113cfdf077dd701b417d48d9de70e85a51
SSDeep: 384:ajdl2amn12UHmCOyQiBT6uf44+SG1L7TSrhe6WdDrSz9:adl2amZH6yfcuf44LG13TcidDi
False
\\?\C:\588bce7c90097ed212\1031\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 80.67 KB MD5: 81feaf8b10a0e812ddb81d34f0d113b6
SHA1: 14d24ac269e000c154a53e2b43fc8d456d7ba0c1
SHA256: 5d52b93fbe41e6e47d4aef54c2fb5e656e094dc968aaa9a184227beefcfed855
SSDeep: 1536:K9bPY64Of+yyxHOOOMl/XRVqiGLMPRsXanZ0rMSwEYdamTTmVHyy7D7purR4Q142:K9bPYcDMJtRVWLvEZ0rGEa5TTAHyeDeb
False
\\?\C:\588bce7c90097ed212\1031\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.58 KB MD5: b49f6403cf698e13a9c45a8fa3231ac3
SHA1: d3743a4da2cb3f234c9f07d271198f0242470ef8
SHA256: a04ae8c4230ad0cebf87c640a6296e832a6529dab61aa02c80558f837a53522f
SSDeep: 96:v+y8dfEuncxAJhrxG5Ch1Dg4WGAY0U09otNFttcI+hj:/YEUcCgYh1g4TkUMMmj
False
\\?\C:\588bce7c90097ed212\1032\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 84.52 KB MD5: 9c422a957820a5c4c9c1ea35a22aa725
SHA1: 6e49a78cf85d2d10031afcb048a186382a4465a5
SHA256: 05506a829edac0c2c19755193408dcd3900c94ef833ee8c6f733b1ffc8da7403
SSDeep: 1536:YygJ2UD2pqs5gbl6i9cBCjadT/db/FEM/dBkyFl13epEszJHJyjHjd8tN:5c2vpA6dBgZ6fP13QLKd8tN
False
\\?\C:\588bce7c90097ed212\1032\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 8.91 KB MD5: 4815c66fed6efbfabf9d8774a34dc90b
SHA1: cdc35f9d1316f7773a66174ef7b91ea77f6d9b4e
SHA256: b511b1de6c6b7852f3b5624d3015c1a3973a76c2e70979728a34d34d1a566bb3
SSDeep: 192:/IuT0sQEinocUZ9RgLFg0Dk4FSpjz/0apKmfPRdkaQwt3h0fr5R4K56fj:/V0sQjna+FgJ4FSpjztrXRd3QYx0frv8
False
\\?\C:\588bce7c90097ed212\1035\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.10 KB MD5: e95299da635a545b2b2d87bf72478e03
SHA1: bc54d859ddc6e487b0ab65bb2eeb48aea7661e28
SHA256: 7ebd6584ab523205aca9a3da998685cb7c874652b9b62b3e6d3cf369f5929e97
SSDeep: 384:PFZUaapUBbr6oyEr1o43EQSS//Auf6IE8RBmf2A99:PFSwCfEhoO/lnASRBHAv
False
\\?\C:\588bce7c90097ed212\1033\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 75.69 KB MD5: 387f0f5b174503c4c9b43ac44f5c7056
SHA1: f09727430ee4ffb8677c88db78d073ddf4bcbbc5
SHA256: 1761eefe4a679c553a9ecccd950050b4cc8a83938ac78c6ef86aee78a27601d6
SSDeep: 1536:CXh0CabhyaumpVyb2qNNPmXXlZtTtqE8XnPf0NHjbJwjHlrbi:CXh0x5psyuiXpmXH0RjajHlrbi
False
\\?\C:\588bce7c90097ed212\1033\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 17.10 KB MD5: 8b3a239344904f6a935e15d9b86343a7
SHA1: b0deb75ba5714689120b229e73493458fd0f44a7
SHA256: 2395b2e2769794d7316e2a8450552cd847354b2576aebc725416e2eb04fa5aff
SSDeep: 384:NBJA8TRohPH8sGu0RVeGRNeriz5xRlQj+7hcoJ7Yt/wjx0CG9:fKCsgVYI9h7hcoJUt5
False
\\?\C:\588bce7c90097ed212\1036\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.60 KB MD5: d89420b0f23b5e69e40af38d5a1ff321
SHA1: 8dbe3f67bb975bb88ac8c0eccea8eb41547d1ca4
SHA256: c756d717dabc00f9ec8b8c9c9274f8529940f1ef693ce777d7a11adf2c27bc74
SSDeep: 384:ATYZvbytXYKpDinCtvxM751ydpIkq6VLcl+q7I1iG8Iv+b9:A8EtIKkeZM7fu++AI1i2vy
False
\\?\C:\588bce7c90097ed212\1037\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 16.60 KB MD5: 868ecabfe49048818ededf9431943a8a
SHA1: 321afb3deb55977aa9d45bd9c11de90bca3b2fe4
SHA256: ce6b2ea3fa3af99d2bd30003e38e85050896ba42d7e6c5ab479edd3c4d19bb88
SSDeep: 384:a8cOZ0ntt7xX/5W1ecb1Luwn1kS4dgy+aqi42pfMKn7OYToEOlOR6JYM9:ahjVTsbn2S4dlqi1pf/7Ow9o
False
\\?\C:\588bce7c90097ed212\1035\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.86 KB MD5: fd2b2e3ce7f08e13a2320ceba70cecae
SHA1: 3c37cb4a1d0ca5ba9feee7fcd7defd49a089b469
SHA256: 1280346927ee875edfb2b5b475069b33e559a9bafaebf461bdc5623918de83e7
SSDeep: 96:U8TxEgTYMnvPwqb/ZgrCRYY17RPyqbJfN0uPAAcFj:U6xEgEMnvPBbMC34qbJfN0WAAcFj
False
\\?\C:\588bce7c90097ed212\1035\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 75.47 KB MD5: da2da97d66a7aaa44fe97a151a056b3d
SHA1: 8b9fc7a61a85e4368bedc3091703a2a80dddc204
SHA256: 5d8b3eecbadc9f21efcf06b4e4cd3eda7c508493cf31a54d2ce1843b97ce36cb
SSDeep: 768:AjNUjhJSincLolhFjvcRSjgm6i7aj2M34Fsl3G59vwz2xRjs168h5vkqHnFCMNbR:AhUjJn9Fg9P34FEG7BxR98HBFNbjf9
False
\\?\C:\588bce7c90097ed212\1038\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.60 KB MD5: 769888dca84f9c5552d036fa495686a3
SHA1: 3edfa19aa3a6d768d27ae765557861523fe365de
SHA256: 4e73d5f29eae41c892da0e96b8316e00e516a715fe208004f24949296c80c6ed
SSDeep: 384:EntlkLFSnMJUnZTTi/f7TRs4B2hJ8rxUfw2bJ0Qb4ifhq3yG7cn5y/lZSu2w10V9:KNMJET2/zTmwx/ukifhgF/lEuv10H
False
\\?\C:\588bce7c90097ed212\1036\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.69 KB MD5: b86419bd7c3ef3f3d446c696569288b1
SHA1: aed163fc918b4e0d19a4aec6fd97ddde74fa85b5
SHA256: bdb87511334abce9887bbc87d9b4aa6d20113b1cd6b6336bcd0b35911ab7d180
SSDeep: 96:JnH86JTnEhZ2zs2h7DMY/hTLW+zz48U+rXy4Xpaxj:H0Zqvh9hvW+5U+jtcj
False
\\?\C:\588bce7c90097ed212\1041\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 15.60 KB MD5: ca1496868e824c4a749fcd36adae7869
SHA1: 31de45025fa404f1c275df6367c530536a2a27bf
SHA256: 899326e2c7d4ec9a62588ffe01963834b74ef0f3bf39d378659fd0bc83e9e1e7
SSDeep: 384:rhaFySpYV057UnPHAA+fBJlalaCVucSCLlI+n0pSA86QDM9:rhuyoYV05IPH1+/lagijSCLW+n+SAjQ+
False
\\?\C:\588bce7c90097ed212\1037\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 6.94 KB MD5: c0d6af51feaeecab79ac4ff32d64a6f5
SHA1: fc4fef1f2e8b55553c5e513f53bb9c9ab1a5e168
SHA256: 6b47757304b2de65d2028ba46b290152505bb20a2a88075f490c8eac8c0a4430
SSDeep: 192:GAGlQoBFcS6lIPyknT2PAXSxwvLBSU8Nqx94exwj7j:G1ldBmFlrknTgywxL
False
\\?\C:\588bce7c90097ed212\1040\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.10 KB MD5: e2a16f95956b4b7247102f738dfccc32
SHA1: 5ca868f56d0c04679e6718fd28808ddeaa77c822
SHA256: f78627d9710acf1dc50fba190a8efaf09402d39599028e72b0d0702d9667786e
SSDeep: 384:6yLLKOcTm4lalrTCyeI16GuTweOH/tXFf+glcCyQELw/YpnXlloWz2pLWl3oA9:Rca1XCyeY6wewMThwCVlb93o+
False
\\?\C:\588bce7c90097ed212\1036\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 81.28 KB MD5: fb62660ae0d8b828bfcea793bc56d6e3
SHA1: 085e1d8f974d00fc910bd322ed4a158f4fc0b367
SHA256: a8cad72d51b38c29975e0df7808b4694d4ccacabfc73aa085d4f8fb7a994827b
SSDeep: 1536:LBjxrpGnf8gLW+RheijoSkhcxsdoHL6UN6Olqz/ChgCHfvb7TYi3juXja/:LRpQnnLfMAoSkhYsGHnQz/ChgWffj0i
False
\\?\C:\588bce7c90097ed212\1037\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 70.64 KB MD5: 471c66baffca57addb71c5234ecf9d05
SHA1: 9b34288cef6d2eb5af167c11398958078d1f7067
SHA256: 707550ffa99d0b3558d49313b28f233997529b539d1742adb211978519ff2d86
SSDeep: 1536:CiJbbjuwbqIVBgXpGbqlirkHJyWQ5DWeNlS:1PjuyBggbcKmJyWADWqs
False
\\?\C:\588bce7c90097ed212\1038\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.39 KB MD5: 13cb1f4e69e7586ec0cce8c8547f4f34
SHA1: ac94851aef6c32fb1a0e082140aa1d783f1dc0b7
SHA256: ee9fd8bb37118f6b23af7cfa4c71d1d5d9205952ef6a36490b37a0158fec1a5c
SSDeep: 96:QcNu7cIJh2Mj1h2aRNeznoLj8HtElJ1s16pVTata7j:wfJhpj1Nvejo0HgqwFatCj
False
\\?\C:\588bce7c90097ed212\1042\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 15.10 KB MD5: d85e38196ea9db0db31ca3260218aa5f
SHA1: cf157a90f767bcb512228f9e2a7e3115d47f872b
SHA256: 53bb222acbaded6dd40fd01bb3dc7e742bd24689ad19c241ac3394e5b255e940
SSDeep: 384:SbXrvZg9iu16no0xxKVHrP2KLC3VoaM5so2S8w8fkBT9:SzZg9iu11xF8mT5so2nw88B5
False
\\?\C:\588bce7c90097ed212\1040\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.80 KB MD5: b0e5d06e73b0e7777ff9187e06a9dbae
SHA1: af0356fed2bac74523d3cdc8456f6306f4887c7c
SHA256: db22b9ade882ec4c45bf3dcc75716f5e037dd8cfd58f7f8d723947313294588d
SSDeep: 96:E8X66rHxhtjt1Q9/z3QqjtVmNdizGTPkKufMT5j:AOR/p1Gr3hnwdmi3R5j
False
\\?\C:\588bce7c90097ed212\1038\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 84.67 KB MD5: 6eb9dc1fe836661306e28a68e5763f30
SHA1: e3a12185be82d006b928369b99c65d9158ac182d
SHA256: a6b11416687e76f78d1eadf6c34cbc0071678438efeb3dc45d63684c7dc3b4d8
SSDeep: 1536:t3kal86M7eeW/HwBN2HivyZWFWbcBQYS782+czlTCR/9NEc20:t02iwfwBoZWFWbGK8MgR/Eh0
False
\\?\C:\588bce7c90097ed212\1041\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 10.13 KB MD5: d00f712cd948bec3c7408aad19f1d9fb
SHA1: b4cd842bbf0ed738c6e22342abbbc2c307d92a80
SHA256: 948b930e71224f6ff35d02433b7532da3b11af99e8a8193a6ca68dbdff5a5017
SSDeep: 192:5Fr2j0XZGGJ7Y2mIWwAVBXe94CBsvnYSt/BWFExvq9LNloIumXWVj:5FijUZGg7Y28DXeoYSt/BVw9LNloI+Z
False
\\?\C:\588bce7c90097ed212\1044\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 17.60 KB MD5: ab24a14e239358694804bc860a9735cb
SHA1: 6d657a20cc8f03d1ded404327bc2bf185848ad9f
SHA256: 991b6f115a64f1765dbeb3cb0ba3c9e6b6a6059255c9f8322bb90ef51b62453d
SSDeep: 384:5aqxMBLF2mRRg2JfHqgIQUN6XfYviZLRLxkr0s61cZ9:5alMm/xH7IQUFyLRyYrcL
False
\\?\C:\588bce7c90097ed212\1040\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 78.44 KB MD5: 0d57f10d7147fe2828dda10affc25276
SHA1: 69df07ee75a62fb4e3f0f7a95e3d4de9939784b3
SHA256: 83500bc7990168fbf8232bca5db1ab5164de26ed38376079453557bb994a6dfb
SSDeep: 1536:k3V/71HwTh0oLWSWEJZRWNBNztaQJNP2ZGHyB6BVWXNd3QE8vnj/dFRY51zuVY5F:A/lwh7WShZRWDNz/JNuZRBtXN127dFRa
False
\\?\C:\588bce7c90097ed212\1045\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.10 KB MD5: ff953383eeb231c5ffe7308cb617562e
SHA1: b82c1243e7ed7e3794f5fa9f57fb80d678ab9aa0
SHA256: 9fb882cf65d1cb92e10cd759513167fcf89b0ae1add4372d685841bd4fbe0724
SSDeep: 384:l71TwPVsMS1FAa5zVWZHTVhcoAxozdMzwuEHWjJhYRhJ9:LdMSJZVWZzVhdApqW1hYRhb
False
\\?\C:\588bce7c90097ed212\1041\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 66.89 KB MD5: cc4101fe8aee3e473d936589d83efe7a
SHA1: 6bb393932c2cd9f16d48a117cb5b04a4d4d6e00e
SHA256: a68ca9694b0b10d3ae411169b563b705b013cdf41eeb91e8c2fbd3b23f44eeee
SSDeep: 1536:uOGQsOFXow5RfIuEJ1j8l0BVgGUu6exWcU88LE:RsmvRfBEwKBV4ujxhR8w
False
\\?\C:\588bce7c90097ed212\1042\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 12.63 KB MD5: d21a4a92dfa55b3ba1f375de4ac4ad6c
SHA1: 195ae9493277d5758fcc61da2ef070faeab9bf38
SHA256: 3bb9eed8a4efe4d3dd25728c05728401c1dbccfb0709c4e8a2001c0c1d8a32ef
SSDeep: 192:TEg+8u8RfYwoNiAjLDHF5jILzwy+PNDtqtJpbn+Ku+cvJWiTdGyiOcvhahGCoHvV:ogFJYtoAjV5dZo56LpAKdiOcvQszE89
False
\\?\C:\588bce7c90097ed212\1043\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.71 KB MD5: 0e48fde26df36c5264f9c6f0ed129b5e
SHA1: d0b9f36be67a5301c34476ea5f4f66f746eb54d3
SHA256: b4b753457a7c24a1926cf3598ba6d3d1f4d679217252a6deefd852007f4b626f
SSDeep: 96:Tq++SXJ5DmL34htpETMjaQE0aBE5fWr3PRt6AoYsON6Cgslrwsj:7IcVUMmgGE5f0LMrBslbj
False
\\?\C:\588bce7c90097ed212\1043\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 78.03 KB MD5: e083dbeb3dedf9fd7b66746d7c0ffd79
SHA1: 52ecfb92d475da5cbf8ad3c193e44fd322991b79
SHA256: 21bba2f7e92c19b71183f032691386cc93805ae27a8a71abe89f42b7714c9de0
SSDeep: 1536:ltjTtN5WbnXRClLvUkqX4wtJPXs3zuDcMr+NEpG5+dY90F6ofj:ltjZ2bXRCpqXLVo43u+dY90Fhr
False
\\?\C:\588bce7c90097ed212\1042\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 63.97 KB MD5: 03956b8ca30fc55a22de03a1fba8dded
SHA1: d0dc39806827ff35b1a1f6876d73ffe81b0cf8be
SHA256: 90661bdcd6c4222e585ad637b4e603dca3bdd1fa1f084dcd7e81b89000995d2f
SSDeep: 1536:FVdp8hn5B/MqQ/rGRa6t7kgsQGuwZJ989/1zB3+Snz55WHqx8:F18h5B/MqDRFtgSU21u85WHqx8
False
\\?\C:\588bce7c90097ed212\1049\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.10 KB MD5: d0c44a47307847f530bf2d97f5cd54a8
SHA1: 9b3ca8216bfb53dc3ed85c90951d6fd32b9f163b
SHA256: fbdaa44e5d117505d154b454b55773383ddc36ca70a61bf6b124bc485eb7c4e8
SSDeep: 384:6tQQ2R5ITV6IlcfqEbvrQOzmyuHpkrHE7vIk+ZkgkyNdBCSrTBKAIMYbhj9:6yQ2RrfnzZayuJjvIk+DkyNSiKZbn
False
\\?\C:\588bce7c90097ed212\1044\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.22 KB MD5: 2f8982923a4b1df1667ab4df896d9e49
SHA1: a7d51079e5be26829b0cc3f1d6f3693bb853bd3c
SHA256: 83580f1938f5a74d78b20700ff2e8ae096db6152d8f882d368467360eb5e3570
SSDeep: 96:/Wy+Q6+QjPa2nZt0ul7EyN+c6tL4x3P1jj:/Wy+zn1Zt0i7Eykc6a3Ptj
False
\\?\C:\588bce7c90097ed212\1053\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 17.60 KB MD5: 8b42c5eafd53a48e178a8f470c56fc5a
SHA1: da67ecef06492d05998f590d4b974c3edbf0ab10
SHA256: f6e27c60268d7fa6e09f0f1bec13193854e388c3693aebb0cdf079825cb417b1
SSDeep: 384:pIosBssVq00nAumuM9fsqhMesLaKe0oJltM8zXK43Nfu/OTZxbR/9:Xs6st0nAhfVhMeUmJlBzXKatu/wvV
False
\\?\C:\588bce7c90097ed212\2052\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 14.10 KB MD5: 0028719bd437cc4dc05f1e6e455c5acc
SHA1: 22cf87281cc8127537bce6ff9498e282a1ba2751
SHA256: 44257ae823549d36fc0c656b917be18fbf434afd4aae7630b8bab748f21e7a7b
SSDeep: 384:ds58KAT/bAfyyUHfcWweixI50M5MTW38LdTzaUEK+dC/6X9:Gq7/tTkyGgf5MTBBKK+oY
False
\\?\C:\588bce7c90097ed212\2070\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.60 KB MD5: 474d39f5b43efcf4bb163e49be3ef46d
SHA1: 7310abe68bea54dfb504453d3f8c5157d5df544d
SHA256: 48fca5ca8532f5d7f7da842df4ace08719cc4f01fbbc76341637884dcf9083da
SSDeep: 384:mU5j0ZbW25ZmR0MAked5Juk2SDc08dYpgasTzcGLTsaYC9:l5jjze2e3Juk28c0EaEgkQvM
False
\\?\C:\588bce7c90097ed212\3076\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 14.10 KB MD5: 70c0c82632c7cddf298937d0a2cae4df
SHA1: f81ccc246f7ace4005e77a3ff042bfcbbc3e4e18
SHA256: 2645a23f2bd47336c99092f9af272a4e27d33d92dcbf8d5f0250060d8fded038
SSDeep: 384:YySe8bTIuxy/ikCv4uHe3AkWI/YJ2s1xeqyr9:YtNsKq6wTQktQJ2sjox
False
\\?\C:\588bce7c90097ed212\DisplayIcon.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 86.71 KB MD5: 6037b531c5ce8c3d7819c76b5048121e
SHA1: 7cd7e1949abb38ba5967de5791af8b567e775dbe
SHA256: 902555537ba25e2198987eea106b441ac25b716b365b16b1b6c4499dc13091c2
SSDeep: 1536:QlsmNyJNodg7dv8odFRmix3t0wfzf0MLtknfqzRN78bMYhryWK0GgKMKie:ihNyJNodgF8sFEiL0wpLtoYN4YNWKuZE
False
\\?\C:\588bce7c90097ed212\1055\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 17.60 KB MD5: c97fc3744206ffb07182306d8289a4ba
SHA1: 083c848a8084eef294bf3febd0f8599027cc837a
SHA256: 2de6253c8afbb5e6683b0be39e40cb921259c67298c585547972e29e2850f3fa
SSDeep: 384:aNKEGtVPEdmzIAqTEwO2U87EFv2nPNDuFHSD9:a8Ea8SqIz2lEFOcyJ
False
\\?\C:\588bce7c90097ed212\1044\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 77.71 KB MD5: f5591f4063b8872fe83542faf8554441
SHA1: e262f290926f04af55be7c0eff1b0f4867a1021e
SHA256: 432c8586ef8bda22c71b2c3c5a60d83555a47f489ad1bd80781a3c9ad92c8ef9
SSDeep: 1536:rrNde9AyzWn2s5gBcvDLomCYSf1d4ktoUshCGs/zHYHStriOHkkWs:rrNdwAyzW2s5dvDbNSf1d406jkzH9HB
False
\\?\C:\588bce7c90097ed212\1045\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.19 KB MD5: dd3bb62b2f9a4a2f8ece7f333f1f403a
SHA1: 4b2918b21888c744c27f6c6d6da3b2076a6dc1f6
SHA256: e582c81e757f13bcfad44108bbfd3649393773dadf1fdec33830c0d3bb9aefee
SSDeep: 96:ZGl24JEwl98sNBZ/j5Fp0Ws8oc1f9JKwOIFnDqZVrCHJ/jcoj:ZGRhZ/jtDs8oWSrk6GJ/xj
False
\\?\C:\588bce7c90097ed212\1045\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 80.71 KB MD5: 69262c5b9e4bbd2c41c1afe8bb0515dd
SHA1: b9b0195580d191635c993eb394a58370b7322979
SHA256: b70e77afe30581e0e56c3c3062da5425b0559613cd12e0b7c87116300f4bc0bd
SSDeep: 1536:6870MKxV4PPazEVpM4Cd3yGWXrKfETwvmyA2gmDxoTtb2ICUwvp9mSoihoG2:j7hKxV4PPaAs4CdiGWbKf1AwxWfCTvvK
False
\\?\C:\588bce7c90097ed212\1046\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.85 KB MD5: 76af9b07daa6a678fe8ab666e230f1ce
SHA1: 37ce9afdf843baeb1b7a69e884714f040e7deb73
SHA256: 5820e5ab19582070c0040da918fcc4039fb4a6a5202a4eae5ab4939c4f72f963
SSDeep: 96:q2QcJVlyREd86KT4puw5SISewzgmaV/28NGIoTeoARj:TVlyREdjKT4cmgematEKoARj
False
\\?\C:\588bce7c90097ed212\1046\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 79.11 KB MD5: 4c58117236fd8403c3f7f1b93d641e81
SHA1: d5bfe98a5c21005465a2c7d76e83c84bc4a4baac
SHA256: 945f735258f862533b5d869b54c2e2bfe07e8a85605f40f06e6b0c7965702139
SSDeep: 1536:4TT4yd90TDzjXboYprqQHM/iLZmuEbbuKUdtwts/4lmATL8TIiQjS7ogds+GA4r2:CyDzjvpXHM/Yubbetwts/4l58kigS7o6
False
\\?\C:\588bce7c90097ed212\1049\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 79.83 KB MD5: 6ae3e0eb9e03f0975d7bfe1cb55d32a2
SHA1: 373cc3fd0146ad1e50f6afa678f0c29c41dcafcd
SHA256: 0411dd5b9addd269d443ace84d7038da678f4a9c06e41ae0f205b9fe61e88ca3
SSDeep: 1536:LfqsDFDP0EMFC40fd2thWZSnDhsZKjAfbzjkLi/NyD9E6lom3jasIEbie0WmRB:rhPyFlQd2thW0nufbvkM3I3xDbik0B
False
\\?\C:\588bce7c90097ed212\1049\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 53.42 KB MD5: f2ed3bf42c26398160942cc3d868168a
SHA1: ff85c1c97a4631f8ef303f331e9522d1ba7057c5
SHA256: adb9b2c95e617b6af4b084a2088e9656be69c2202ca6b2096cf6780b1b7706f4
SSDeep: 1536:zeEaIZPJZW5rIsdUMlGES7UQ5qgBBIuNqmNRWDb9SduIu:zNj9JZW5rIsxsUdgBeuNqSEDbgd/u
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.11 KB MD5: b29f9bf3b6006715754b0ed2ff0f79d2
SHA1: 7f626a02f4e9a0a29bb76956fa5e359484c29e99
SHA256: f11c3f05fc132f0501f8117efc0e47c76337f3e45e5c027b828e2591ca61c489
SSDeep: 24:1+ZXvTYGKTEM5jsOwghtBDozHl5PYpsoqUkdlSOxylJdicouCKczQt:wZfTY/YOjdFETllYOoqtfIvO5LEt
False
\\?\C:\588bce7c90097ed212\1053\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 76.13 KB MD5: 0cdeb09fcff629b0af41747b2dc6cc5a
SHA1: 13437c4d0f6dc6dd2e951c4dda1ea093391cb50a
SHA256: f2a8cebb27a4c40e12242da6461d380102e532f1438cdc8e0d6d401347a48e75
SSDeep: 1536:cL9uCDzMyIgtoRn30IJCi9iyh00ns/scXnICGNOCzH274qGzSqjUufndWj:27PMEtoVBHDqJXnlGNOCD274qkUi0
False
\\?\C:\588bce7c90097ed212\Graphics\Print.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.36 KB MD5: f247993e61dced6428b5df545ddc49f5
SHA1: 3cfb8e6d7a40dda0b29b1cb8446c501f509341e8
SHA256: b633204d85155386c710be66c5ee7ae04446df45fec26dfb4d13eb9030c0a784
SSDeep: 24:sGzcLf7OhKCX5h8k1JQxRMsrTx1DY9uB1iMWj4swNVbcoaKczQt:rzeYL7cMsrTYAB0DKVYoaLEt
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.11 KB MD5: 564b2ae1b3ce65547d62c77cdf8a985e
SHA1: e325c10bdae8f018034de8a1655010676a1101d9
SHA256: 1211d1a3353086c7480cf052722f10d11dddd2fdacce22f087eec52c9b676af8
SSDeep: 24:SBhSe9tEgVJQhuWJLhhz/oBp4KsQgT7iKczQt:LytEQJUljuRsQ0iLEt
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.11 KB MD5: 3c0ed8147b2c624b05c6220aa8f03141
SHA1: eab0c28770475272132a2e1ccb51b18e733572b3
SHA256: d591866ae36549598536a99ca002f0cae3943c44b0d2ef0d2ce056f675ebd44b
SSDeep: 24:2Nrr8TbY3KkJUI2Aw9STSUyox6KZlotaA5+rfepKczQt:SHKYDacwIT/yq3ZSkA5+DALEt
False
\\?\C:\588bce7c90097ed212\1055\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 75.28 KB MD5: 5d269a1c3df08f95d70cb9ad3bc1f1d1
SHA1: 5ae5a89af5e469a44415c00d60116bae8b4353d3
SHA256: 95013ba31f1a123bc4dac42ab07118a265e597527d87a8d8d42cdca7eedecd65
SSDeep: 1536:v/mafd4uddmhTUmiTeZ/cKraha48kA/45mFYATI6TmAF2dTdd3hd8:v/maOY/miT0r2amA4mjE6TmFdTP8
False
\\?\C:\588bce7c90097ed212\1055\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.02 KB MD5: 80df0444e694d0e62af53fd73b84c92d
SHA1: 36ce76f118d413584cebf0629dc12c743cb01218
SHA256: 711303230d0c842938d3183afee70430b6fe92e3c5051ac74e99d42ba2e22c7c
SSDeep: 96:VziSr4qkPaPzq3bKkPjpP/yuvFv7rhn6JeV+znaHj:VGa7cbFpPquNfQAj
False
\\?\C:\588bce7c90097ed212\2052\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 5.94 KB MD5: 71a065c24422549242cc93534c059ae6
SHA1: a111b3d545734efd9ee35cf64171c73c75ba06cf
SHA256: ecf6be63403d39951344fbc34242af62f11e5b1e2aa71caa9098b93f26ca0122
SSDeep: 96:RHUU2Hy/rJ1If74R8IE2HviV68NdUvXY2Afzm7PNGVPfh6YAa86pvcjT4qlYHVnj:B6muIJIJvUvIbzUMpfh6Pa7pvwlYHVj
False
\\?\C:\588bce7c90097ed212\2052\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 59.52 KB MD5: b925257fb28b3fd793f8b63d2054ba66
SHA1: ff1c66e15276ac7d78dc45364fc324417f3c191b
SHA256: 5d125ba7bba6863c5052dde087dfdfe2301c69986fe9a6728c51f63c065f75ce
SSDeep: 1536:1bEbSH/feFw4jNTrN1DOTygs6UReAI32bVB:BEsojJrN1DH7e33sVB
False
\\?\C:\588bce7c90097ed212\2070\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.16 KB MD5: 94a3a3f27e5dc036246ab9553ab2d048
SHA1: 8bbf6ac76691d0f0f73a93103979c3e7460886a3
SHA256: fe779a06e74f855a9b4eb771857fa68cad00a99f9bdeee180a52f2d065eff6ed
SSDeep: 96:yfDzk3+A7io9nyuTWVrEH6S3aGYaPOs6Prfvfg2O4e7hdlxfoj:yfPl+Z9nLure6S3jnPOV7qlxwj
False
\\?\C:\588bce7c90097ed212\3076\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix 6.41 KB MD5: 6442d9081b80a5fdff9a0c7a2c48437e
SHA1: 2e3447882a35d543270c4d6cd55ab556cedb163a
SHA256: 27c0f8081428c74743eb48dce91526b2aed5a642c2b33aea29c7feab3e1054f7
SSDeep: 96:Ro2KGSoS4pJGycxlPqIZITQ7O9dcp40sT1JG4vkpwp2TPsrvWQ61vpBG6vrZj:RowSic/qIZIFdcpQLApwFOL9jvrZj
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.11 KB MD5: 59ec3b79b889d8a517885ecac1d78a0d
SHA1: 5fa07d74c0b8db4ba9ac31d1d5216468f23892bc
SHA256: e3c086ae311df9729c24a28d58c2f26e6d26f2f5bf9de37d3246f9911de4e195
SSDeep: 24:pbXb11v9zsZ13mzHG4JkyqFRQn1W3FPP08vgxC7k0DO3KczQt:tXb/psZxmzHG4ONFR+1GP0C7q3LEt
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.11 KB MD5: 41ae78bd051a117e08c10b91791e0090
SHA1: f02734589a3e6005f5114acf6d00bbc765550d07
SHA256: e9b11af54284d6634f25147bc4bced5bb3518ec3809888d70449ecd74fd914be
SSDeep: 24:tTMWX5r/7VZrT2GYUTI2xa5Kv90Nvff5SYHPfCKczQt:tgWpr5Z/n7a5Kv8Xh1HPfCLEt
False
\\?\C:\588bce7c90097ed212\2070\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 78.63 KB MD5: 97b3160ec4cc0807338028dd54a6a058
SHA1: 11131e8fedd00dedf038d250c7cfaa76cb7d2c63
SHA256: 0fc1c4aaca94c4cf0f42de5e4b592f38da01a2d3efc558ceff6ce04a5f5949ae
SSDeep: 1536:ClqUBwqOarpwCCndX4SIjWK863cVxDm0kzO8HLqhzW0Ofdl9:0jwqZCntK8OuDAO8rn0Ofdl9
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.11 KB MD5: c723731c343bd1e62c9694bc60759fa1
SHA1: e2c33cf16d9f0bf89cd028086eedc177dd253cf9
SHA256: 07aaf019dfe9901d77b56fc9d4a5c096dfe87a5f23e7a060100bb2db78627aa3
SSDeep: 24:BpWsGcDOklxCiCPuK8tHBTGcYwCWX3GwQTTKnDWSYzyQAKczQt:BkEOklEBCxBTGwMpTKnqzmQALEt
False
\\?\C:\588bce7c90097ed212\3076\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 59.66 KB MD5: 718f790245e9a890edcefa9f380a6940
SHA1: af3aa612ab5ba4afa5e20dfe0164e771e37c4bac
SHA256: 63774fc27b7f4cf27d67502fe4f7b7c090be0a0cb706c5ffcdfe7640cea0e97e
SSDeep: 1536:6qk/uFs2C5fUz33ZQDvdKOh7CEAWw3NZSqDa0lKIr:6qk2uZa33ZQDD7weqQIr
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.11 KB MD5: 1c677c2f5a781d552ed932c0547447ef
SHA1: c40292be2677702e1003b9a58d43361b00f15417
SHA256: bc769b7a46d404541f380406868852eda1b42312d1267022fa435798446698af
SSDeep: 24:cGmM4F8l2xLI1vIyL/9i+GowyA9zlwlugRe/pmdLbbL6hsKczQt:2M4G2xLt+/fAVlwpRe/obL6hsLEt
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.11 KB MD5: b1a879522035f94721eb2b295e599e37
SHA1: b519a69fb699df9ab64121cf4980c16d42baa020
SHA256: ffc8b5277ae028e5baa7a44da25d4a8c8c67aadc4aa347c47b7750b72a1ca1a9
SSDeep: 24:9Kd+KYG4yf+yv7iMp29YWxKe8fog0aZm7VTvcTKczQt:9KdTao+yDiM22Wxm5c7CLEt
False
\\?\C:\588bce7c90097ed212\3082\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 78.38 KB MD5: f3db406b2fd4084b10aeac08cb1dc78e
SHA1: 7aceeeb2fc1d1cf8d00e7fd3361f511206599641
SHA256: 602cbb7e85e833bd890f9cbfc600cf6f46585604d2a78f5fe7cc8a0eb1ea5900
SSDeep: 1536:ID1hTrXf+GvGkMFkj5zyu5xRCUdHoNkUGpq5C4dmekl4nmQZQNoqev:qXX2QfMoyy//oN8qB5mQZQre
False
\\?\C:\588bce7c90097ed212\Graphics\Setup.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 36.10 KB MD5: e1121a1f3632586e5d9fa0e6af569659
SHA1: 5e30ac693850f6fcaeef158f599fce801c39f69d
SHA256: 8aaa1f9a8d209db1f7af0ff71e7717d68026322bdf7f73272a5e5f910e1fa629
SSDeep: 768:ZDTAbg2KhvBjI6w/fblWON6Jk359XsDrcX9c+kV5lEgY3lr/CWn0y:ubg2K/Tw/jlWONL3DPRwzEgY3V/D0y
False
\\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 197.33 KB MD5: a86dff300d4b287aa610cc0fec552cbb
SHA1: 143e4db4ff3e001324e6f8db859507ac3506c5e0
SHA256: 75e6588108644cf3edd8159b5c9a0db97b1b6851b7e82417da2fabb6fa20a035
SSDeep: 3072:wFnPYWL4bk9yukG6DcvszhuRLd1orMyCfxofZWzVAIgu66J2S:wFYWL4YcfG6Ak0xdirMyq+xSuu66H
False
\\?\C:\588bce7c90097ed212\Graphics\Save.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.36 KB MD5: a52737d9f6c5c8ec8bf75c8267122c84
SHA1: 50bd8757f70cbe0c3ec19cac5bf31c01d86580c1
SHA256: ac4fc9e2a4bb11c838c6a7bad42aae5168a747fbdeff2223975b4f0f86b80be1
SSDeep: 24:QoFWt0fYhuEDLFK9R4rBhaEV/+9rN59oGokwDAKT3htFHPLV6ULRv2ZbqmAKczQt:QoAcsuEs9R4rBhaEZ+zvoH7DA63dVuZL
False
\\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.36 KB MD5: 57d7e9f2a083b1e45585acf0b6342e6b
SHA1: 212075c2b4a798e9fa4d736604d65da952901b2a
SHA256: 57ce713377181e26173f445170fce25f93949d7b146fb02da8d2490a82ac3c4f
SSDeep: 24:+JauvaGVPSLc0YVBpHYFkyn4nslefUcPC4mRe62wdPUMkcgqk98KczQt:WfPQcn9YFN4skfUcvGhUMhgL8LEt
False
\\?\C:\588bce7c90097ed212\DHtmlHeader.html.id[B4197730-0001].[absonkaine@aol.com].phoenix 16.00 KB MD5: d6ca02529063556e613672a963dbc636
SHA1: d84e1cfdc49d34478b2db726a728a547a64c84fb
SHA256: 06d8388f2712a90fd180e0c72ea5b0cef79e26810d452effaae80904d01efdec
SSDeep: 384:bFOnsLexb/syqRfvVzHuhuQB5D0ofOB6aeXflsJgHONzsP:ost1lHuZABefW3NIP
False
\\?\C:\588bce7c90097ed212\Graphics\stop.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 10.14 KB MD5: 6623e3c3062a427815f2cbfc8a969fcc
SHA1: c469e43a7789fa82571ea0390dfd42970afbeec5
SHA256: bf317a706c1ddab3ec9fd3e0f0e739a6a424a4792b5dc18aa1391e6e581c6960
SSDeep: 192:MF0xhq+AhJ4aZcHDAzkSqnVldY3CeAbr9U6MzzQZAi9eSnXwDpHiwUyNj7BV+OvG:MCEhB+02na3UIwysuHiwXNn7cOU
False
\\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.38 KB MD5: 3397c0ff5b822aeea7a16f7f75b2c084
SHA1: 227b74cda6378abf494458ae3ab24061c78dd2e8
SHA256: ca15a625c251b30bb30d9586c177543ac812906f43fb323ec7f0ea91ddb6228b
SSDeep: 24:ULdu7oVSzco+k2afvWQ29Gi0Pli8vL9OcRwbGZt+Ao26+bm1Z3ZyFyuAutJgqKc5:ULdsjgohqGZPli8vLscRw8bi1pZ5S3g0
False
\\?\C:\588bce7c90097ed212\Client\UiInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 38.38 KB MD5: ac9a0382025b99f094ea38405ea98cb0
SHA1: ba72d12d4b0e29f6e9f4a8e53a4e169712622dd7
SHA256: 871ce873ab5e488d83f2c7b508dda63f14dd63e7f98f1e1cec682f302af284bb
SSDeep: 768:UUmmQmMQcA4vOpY9HcSOnN39TMt68GgmrWWbt0Woo4+F4vkNHkV5Apc7:TmgMQmv1mnnNtPpgnWoZczkV5AY
False
\\?\C:\588bce7c90097ed212\Graphics\warn.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix 10.14 KB MD5: 1897242ab0f1cca959f293211f275d26
SHA1: 4ed5067007a5e602328eb6f2ea785ce099eae2b7
SHA256: bbcb4d5711899aceb3255065c362de452195cbd5ad28391e4593befaee667d12
SSDeep: 192:rxTT0OXay7feYIIbO8whBrLxU/VcLgljyzzdo9rDCahCJRXD2CBswt:rxfSRYIIbl0BrNU/U/zRYKRXD2EsU
False
\\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 91.39 KB MD5: 601b9112747a940eee3445d85d866060
SHA1: 8c3a666382770c4b1c7c6f51ed11e14dd3e4fc1e
SHA256: bcf90a20e11c5f1d45c982104b05022ca10a7347b77d53a19b4b5418f0e49d21
SSDeep: 1536:GeOf8JfWi7R8D5KBYfmkW1FCSghMkDd2yCMWAfx0oX1wspghm+BbPZX4RtHLI/fy:GeOfGfW/CwmkIMMq2yhf2oDuhzBDZgHv
False
\\?\C:\588bce7c90097ed212\netfx_Core.mzz.id[B4197730-0001].[absonkaine@aol.com].phoenix 173.83 MB MD5: cc75e7bda8993fedfe1a6badcf08dce7
SHA1: 9f7920f930c3874402c2d3c14535e2bdd1fe4eed
SHA256: e104262286e666244be9b1244b073d074f316420ff783d93d664a93ea8c7c99c
SSDeep: 196608:GV04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:z4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp
False
\\?\C:\588bce7c90097ed212\header.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.78 KB MD5: 183887946674d88db34bfa1b843d5529
SHA1: 2a0e6d5e9a0c6b08d4caddecd12aa65c85128cf4
SHA256: 58e9abb197af72ffba29d9db1c257887884d261a855b054582381a855fa4aac2
SSDeep: 96:nQ+vspdhxtEhl890A5g6ef9pFvlSNLtqrSM2Z9j:nQ+SEY90A5gPf9p7SqmHj
False
\\?\C:\588bce7c90097ed212\ParameterInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 265.92 KB MD5: 4cbbc181d0e69afddec6b53fbe37c999
SHA1: dab638fcd337c566c3cd4f55c1e73f5d5401c28a
SHA256: 886277101a46784a0f60c2665cf4acdd6dea9c4cb2f9504421f943a225d68973
SSDeep: 6144:h0t3donVaf1Z+s4sC7JdYAmk1eAAJQztvGMx5+EirAv:hUdongtZ+s47JOAlcO1Z5PD
False
\\?\C:\588bce7c90097ed212\SplashScreen.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix 40.38 KB MD5: 4383a7540a9286483310b308ea45ca6f
SHA1: fcfdae196677eb177c5231fbf37f2349f48a6cb3
SHA256: 31f7eec95562a7d0f5d3f4a05ff144fc0d1e2b727305c8ca5467143afac759f2
SSDeep: 768:rsm1fhNiCC/6f3UhIbxAOPOzx9s1qiy5aDiZawou:rsmF/iCNf3U+tAOPCI1qiyADuau
False
\\?\C:\588bce7c90097ed212\Strings.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 14.00 KB MD5: 0d0d61faf3f943b7f1d5483c6fddb406
SHA1: ada2a2589e41a6b0bce821ce73b5c22c59242ad2
SHA256: 3b39302ccd1747bbce9b0ed719c8b24ad3cbd88fa6cf26b1f3d4d4747d1b1be0
SSDeep: 192:1VQai4cK5GHh3gx+Ti7v14tI+7GT7VmnNidOcxHc0bjt9qCEZbhBQ3p0ASeBrbe0:Dvi4l5j7v1r9lyQpdUbhW3peQXe0
False
\\?\C:\588bce7c90097ed212\UiInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 38.24 KB MD5: 9f96eb42c89d4dbb44ebc862a08c9306
SHA1: 1a45e4f4d5059623bb3377fbeda42e9261ac17fc
SHA256: 7d2364424f892a078eff25187466c5585393810c07f2eced8e0b3f899d2ba7d1
SSDeep: 768:pug+yu8etnG0C0YGuJkPBQKDw9GkMoGecjsJ+hHB3qOfIL6Eql:myu8inG0C0Y1JkPORMoYsEL3Xf/9
False
\\?\C:\Boot\BOOTSTAT.DAT.id[B4197730-0001].[absonkaine@aol.com].phoenix 64.25 KB MD5: 0eb5862bd857468a1891143058713fc4
SHA1: 792ca9bb3aa16998d63d16f014cb82085c75ab05
SHA256: aaa45215d87a2e0ee09d647bd49fa71a17d67a38eed3741f221f9a1a20eebe88
SSDeep: 1536:TSx7oJh7lDZ1IajVwH+f8bi1tmvNBeuXCYxUhc5frSCL2x+DAIrip9+Q:GFotZKYVwek+1tmvNBeuXTCyax+DAIW/
False
\\?\C:\588bce7c90097ed212\watermark.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix 101.88 KB MD5: 957051aee5d3bfcb012eb1b4b4f98a1a
SHA1: 5b06fdeeb24d8b41bd295ad7baebca2641be0930
SHA256: 2031bb0b1799107c87fba084f692d7130f5fd167826972aa5a874b7dc5260e27
SSDeep: 1536:C4J9VgNr8g6BxPwVBnOaxryzYAZO8hTTGkGI8Tck/05RkCW9Tjt:XO6BlwVBUA8sc9RLA
False
\\?\C:\BOOTSECT.BAK.id[B4197730-0001].[absonkaine@aol.com].phoenix 8.25 KB MD5: 01ebd221c946fb41192100362c6c61b6
SHA1: a39af1095bf12aabab8feeba01b1bd458556a81a
SHA256: 85a5afc6ed1418f90713a98f39edc90f666a68fff03193b59300ba95473ebe3a
SSDeep: 192:yIxHPuvYfp9RnWIKGNHjf/WCenssvKqgZpQ7UHQJjj:yI1PuYLsIKeHjGtsadgZpul
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 21.85 KB MD5: 6ba1b32621f4b915c56c432c9cbc9d20
SHA1: 0e25eb831bdcdef9a1751b2ec37fe0ccadf8968c
SHA256: d4325091fab53a3526d5ed664e1ec57201a95d59fe4f883cf3cd28073a09ed99
SSDeep: 384:R1jm9O+ZhZVq2paZis/WqDyJXPK1pkn5q/SUlE2x9CEd81I3/KbOwN1:R1/+zZVvao+WNXPuy5SlJh8K3ibOwN1
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 20.80 KB MD5: 9e550c491ba3a583c276daf12de4b58e
SHA1: 1e5b38d7eefc715bb4b015c517a64ff421c08190
SHA256: 2ea9bc9dc5f779008540e4578423ed4c705d0a47fac437d32cb6eb420b6dabc1
SSDeep: 384:pAT9Z8/P0o1pjeuZD9jIBStC9994XTn4UFoac5uU0yERVBQd5XdH2arOPsaAMwa0:pk9cP0ova49vtCp4jn4UW5uU0ysVBQ//
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.27 MB MD5: 0914c2406ceef4c93917390ae76806bf
SHA1: 9c1d453098a56f65571019e1cbe778181696dd49
SHA256: a70f30d945dfb2ae542a0b874e72a4c34e736b05874cba0299dd0189a9f18c07
SSDeep: 24576:pUphLeZvKErxJPiNusUsWwxF7BJTQlDufC5WnoP/EG+X6w5AYawdG7O5g1iaRvlR:7hJPiAA16DF407OWtvlNg/hMK60jH+j
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 862.22 KB MD5: 9fd7cb3cc32364ff6ea9c5bded879728
SHA1: f9d9e830fd553bb93b46859fdba7307c9180f937
SHA256: 3a2face943d4ed5a270e954892aaa8236e13982796893487e711f472fbe63e4a
SSDeep: 24576:C29OYhzQ31wL3+dSv4AJfMNeabQjdFUoi:v9OYpQqudSwAJfMQJKoi
False
\\?\C:\588bce7c90097ed212\netfx_Core_x86.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.11 MB MD5: b95fc70c5efa9726bd3327802c948fc1
SHA1: 005dd8044c7853b7b633aed0fd4670562b57d83a
SHA256: 227ee08e20b496044141c6c6ec6807f905e4fb68f84a956c3d104c1d67008a6c
SSDeep: 24576:cepNPTMbNjRr4KB1q57cEfqoFCNjnNb6hMgUXHL7tAm:cyNYb74AIdpr6jNbIU77qm
False
\\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 21.85 KB MD5: 2992603e9a75732eae883c68c0b1d6e7
SHA1: e95db851f6a6aeb2470165ff3794eef85815369c
SHA256: d4e5061fceb91c6232532b14a3f887d97b5f19069242d31268474fb713f99582
SSDeep: 384:ArKLP45yEUVwoU8+eLw6cvEumweSqFc0zGnlNu1tOjOeObAMyNpahu/zFJS:ArKj45lUVRU8t7cIhc0zsNuJeKAlUhuG
False
\\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 862.22 KB MD5: b191f1ed7951a55a7e5c2fffa97c0ad9
SHA1: 5d5aa424555aa44e8da1ed96a2a4300c647ea6e9
SHA256: f334d65bba00166fc9e1eb3702bc8ec21c9b3f18b60005c773cb6d3edd4af065
SSDeep: 24576:Vu0jnQSdfhOlOclk4CmbMtWIPpYYZ0dXLCvFpWvG:Vu0TQSdJOYybMoApYYudXLKWvG
False
\\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 20.80 KB MD5: 35739c20ca9b9d279010f3cc996a61d1
SHA1: 9305c5101855304357b83cacc45fa4db47cf26b3
SHA256: e13844306f6cdb90151e5a3950d282218b9362a81fb788be41cd157b14a3fba8
SSDeep: 384:PkZJDQ0EAbLHFXS6dGnO2sAgdBowjLO2jPg0RFvR8+Km1g7iIZ9H/:PkZJDQhSLH1S6dzZCEPgmtR8+rgeo
False
\\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.27 MB MD5: 74711f9cdba878b968f4de46bf778a85
SHA1: 13ddf486c3d2d0fe03d9b2d9591ace54f92adb65
SHA256: 549a9db0e6ebca1417c136556096a8bd05fe45a50776bf7cc06a4c94db2d622d
SSDeep: 24576:lLphZeZvKErxJPiNunUsWwk48BJTQAkufl5W4oP/EG+X6w5AYawdGlx7QhXAmz5f:2hJPiALKLki4fvMP5KhBRQ
False
\\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 21.85 KB MD5: 2313054298929ae651d95ed02319ccef
SHA1: 45ac1d2ee95329df9a8c0bffb7f7a26ca7d0cea5
SHA256: bd8232a260fd0e3d6bca052de73bb63418236c5fd66ee75c073e4d8b67cb48c7
SSDeep: 384:lm79oBM+NPRE7m/oXMtDrtF+KWFhLp2XVN+xoCCGdvib7AgfnVxB0SQhXmPKLPX:eGBHPRE7fXMb6FhLp2XV8veAATCS8qKz
False
\\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 862.22 KB MD5: 78a805128ac753e2da9a593ab743b437
SHA1: 463c55c6a4d30b3de886b898c3fac1503b83dd17
SHA256: 049244f3ed40cfe619c2665795bf6bd7be01d05fbf1bb7ebd1adb8e9a04c24c2
SSDeep: 24576:2JGK3tuL7ILwS7K47BHH2MWmghDtIxFKwAel:2JGKUn8fFADtSQwB
False
\\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix 852.27 KB MD5: 5103e022f2a449549362270202a28661
SHA1: e89ef1a276c5e7d4bce42e9632237c27f4dc04da
SHA256: 8250e846d7b04ed3fb7a4dacebe87084f7fe43781bcaead38143cf0d7156fe95
SSDeep: 12288:saTn6leAv4AO1fwCc0a+p69ZrVw8PJyUPRyeBubXgIOiRWLBr8r6zSsEJIFj:T6ljeJDcrL9Zysz7jCRWt8GW3GFj
False
\\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 20.80 KB MD5: 22c08f9f03ad13aa731fc1bddce14f27
SHA1: 7b8d8da2fd6055e18670297fcc7289e37b679dfc
SHA256: c1a428a02455709a34344fa07e9050e53c018e165b824c6fd99256662de265dc
SSDeep: 384:PHbbwsQJw1hftg+vAYvwkeKW0GMjzrLuuZHKzGBCaxBMeiLEdLdLRmW:/bVjft1vZWSjzrLDHKzWCyBMe2EdLqW
False
\\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.19 KB MD5: ebadfd5a10a6a145f2fdfdce454eec89
SHA1: 4395b3ba67f4f5a76c4210f18208e3c90a2e77b3
SHA256: fb1f005518067217badf01aef60598c96d33e509534493ce7789aafb55f6edac
SSDeep: 48:ovJCbiZzK7lpP1GRkUjGSz+gKFVnt2fRoT86k03ID/EfkVXFE:YJCbiZzKHtGSUjRz+ggVnt2fRo5Z3IDE
False
\\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.27 MB MD5: 793b629463fe6226572a956e343f785d
SHA1: 6b6dabfde00587dec4b4c6bb0746d5bedc5256e1
SHA256: a61118c7ccd04ee919e0085855e69acd809b866928e066648bcee128bdbad6e3
SSDeep: 24576:FVph0e2vKErcJsifUnU5W8ns4B1SJGpufrxWVoP/EG+X6w5AYawdGi1H01vzz3+3:TjJsi8i/rpwgOi2F+j5R71Yk
False
\\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.19 KB MD5: bf24fa8ee2a1beca1c87aa700453f194
SHA1: 377b1c84e07012dedfe94f58ac78c93da073740f
SHA256: 8af0814f33faedd4ba168a2f14349c2f500045f53c9ea0a84aa47b9e0c5bff05
SSDeep: 48:1Ks2y1x/i00rXH8IkHQO5mozZ/J4Q1uo4CqLR86rR8sFE:1HJ1p8XcI25m4Z/J4CuPxm6N8sFE
False
\\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix 484.27 KB MD5: e67f6c31382b809e92daa5806d9571fc
SHA1: 7b04f56a87717973e37e0bcec62479cbfe051318
SHA256: 312ee760b52cfdd37068524cc53fc625ffa6f657ed556928ec8d88935f6a3696
SSDeep: 12288:j795Rq1hBzqHnpwwFlvZuX89eaUor4OTF/Pq3X:32B+HnWw7ei4OTk3X
False
\\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.61 KB MD5: da2f30fce3a642d0ad8691eed431cd4f
SHA1: 38840cb1ec9bca95f16f642ff427d749290d806e
SHA256: 137765a73de807e02161f2a8b6e4beba401578aec866e1d012a7aad5089c5302
SSDeep: 48:UoMRzMs9tTT11b/ClLad9Qeq90cI+lzwFE:UoMRz5T5pClLh0c9lcFE
False
\\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.88 KB MD5: 6c6469180277504ae6e0f71b278a8d92
SHA1: 6f9b3b92778889c1cdf85aa1e859d14a7f5cd3c1
SHA256: dfebecc3d1a2f2211be8b7db98c30b0f161dfc1acf37ede1e0d63c1398b2e55e
SSDeep: 24:u5A70o3+mqBnspT31VzRezBzlVCuteG0WJE:gPoOlBnspT31VzRezr71E
False
\\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix 180.77 KB MD5: ebdba83ddd1552532a9a1cb3bb6683ca
SHA1: 5122a51588f9eab64f3a21e03552806f6ff916e4
SHA256: aa2e2eea1a5ca1c449aaf38c679234b3e816bbadc91d08bd06efe22273d0ff05
SSDeep: 3072:WayTlBFMA/nF/0ZYrOahhM4PJZRjowqo/J60lVqVuCjwJBmpvcsBpDQDx81TUk:5yTTFBfrMuJZRMwqoh6XmJQpvcwpDQwn
False
\\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 6.42 MB MD5: fb5dbbfd621fa778d969c3c86bd873d1
SHA1: 3912b59c052ac549e34f5b8d58c30d77dd43a911
SHA256: 9ac3d7607ad08907a01ff79a733cc8ca96d2a4207e88722335b0c14ae1c8faac
SSDeep: 24576:54vzz1Y5Zj9Y6AOwaWVNWWHHzRu1k/L9chbUF/Tx7mWqn3gVtiBwGFwRusBwlNSv:5qk3NIX3NIIaJBCDXg1DIZBNyPvSYKYU
False
\\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix 92.77 KB MD5: 36b56e677c45e0c0091ea6cacb5e55ab
SHA1: a9158eb7bb2caeb2b9a06285703ae5f3d4dc25f9
SHA256: d29401d24394805b0924bf98ddaeceb4b037a15b0dc83ee4e1e90405a6570e9b
SSDeep: 1536:v3oNu8AXqnceG5+inp/M2I0pvrm8RrVk91qsFp2NIhWvRGsJvceD9x5wh+:fGu0Zip/jI0pzm8rAqsFp2N0/sJ/98M
False
\\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.88 KB MD5: 18b28386fd571d33612ac779047b2a5f
SHA1: 3845259addbbc0476289676641c5a4d9a64d6f95
SHA256: 5c6a7514d3829f673bcab8e201ef13def715bc10d4f85ecb9da82bdb452cba9a
SSDeep: 24:KSfu4URLL1FKfOUSI92WXAtDAdrSp7ZeG0WJE:rYRLBFpUSxWQt08p7f1E
False
\\?\C:\588bce7c90097ed212\Setup.exe.id[B4197730-0001].[absonkaine@aol.com].phoenix 76.56 KB MD5: fbb086d48e44c48e3c48cf38fad0fc9d
SHA1: 4a7a4d96ec8e4f99e11694ecb46b0843cda608ae
SHA256: e322544d368b0e1d47253cbc41f9f1e5564e49cebfb149741b8e58f8a31ea326
SSDeep: 1536:OmGZ7HdHTP3Smc7KBrTWvANEDaiQGCUkQ96HhGaSqfYgkJaivvDA39AAzk:e9+mc7KtTW4N7iNloHhGaSqAgkJnvv4Y
False
\\?\C:\588bce7c90097ed212\SetupEngine.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 788.58 KB MD5: 3a7a8c6f04d342cbaabedeac0468d35c
SHA1: 385eab1ee3d1cda743ab545cd838f3ea821f3469
SHA256: b8ef2439cec11ed4ea0e795648f8fd52848cecda75d5590b79ce623c2fe22250
SSDeep: 12288:SNmh6Ld2p+QyFk7nyXhZZh/7tHelB75YnpWwD8z1wo1fu:SNmhMdOTokbyxZZltHe/7u048ZwoY
False
\\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.31 MB MD5: 46707013c2309f681a0423450b479e0c
SHA1: 01326d39653a81de214299831bce39f9d30b6f38
SHA256: b31310835fc939192743cb7000bcefa8c3d6de73d2d1c21d10eed01fd3d7d4b1
SSDeep: 49152:mocBwONUwON7qkrf263nJpJE+sq36ouuVoSEy:moZqkrf2InJHEtuVay
False
\\?\C:\588bce7c90097ed212\SetupUi.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 288.58 KB MD5: db89de82525803f7ca86b1e916b0fe7d
SHA1: a3b53bbf9ec90e40be3f31b32b5d80c9e1dfafe0
SHA256: 97510bc286ad5d6719a8e265cbe8a100bcc5ae39dffec3f167386a0221de5ee5
SSDeep: 6144:wFdK6pcCkyXkDiMXEs58r3RuLYv3Yut2vEmwnieyHi75:wFEgcCkeCXE1vI9CieyHi1
False
\\?\C:\588bce7c90097ed212\SetupUtility.exe.id[B4197730-0001].[absonkaine@aol.com].phoenix 94.10 KB MD5: 3426841065cf0056c3d219bc1064553a
SHA1: 0cdbc554eb16e6f084c0837738e974cc8b4835eb
SHA256: 905e941b506b990fcefede69b86490994a1dc378b1cfd6c9ee9c94eb4d96e1d7
SSDeep: 1536:oCTdkzI4YaHBwAH0OJrzehXg402V91/OY6x23qFeiV31wSMMbc:zkzdnhwArJXmXg4tz1mY6eqwiZ1wSnI
False
\\?\C:\588bce7c90097ed212\sqmapi.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix 141.28 KB MD5: b8d257f2af57dc7846f637f080a791e9
SHA1: 4c049ce9e8f5af99ca2ca07ed9d1031f1074dc38
SHA256: 75c60c0b2f06acd0eadadb9e6741bc5eaa7561f862249d802dcb3c8962f6e231
SSDeep: 3072:Tohc9ouYYa1p6nJ304owwF9ZCcwNqfuQiCKqpOemKmpSa9yH:TohcVY5MnJKHS0f/6KqSa9yH
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 23.25 KB MD5: 1456c0bc9a97a93f5710526571575f52
SHA1: c81926660c70f2f37c7bea6e505cbe70f626be1c
SHA256: 71da90aba50648a842417b46e13abf9b3d185b152686aa361f43538d67736855
SSDeep: 384:lESrIqPNNMLiLsEywxYmuiW5Weie/zpozutxmj4+jTS/oui5+UOzYZh4NS5PX0xW:lESkWNLLsBQDB0/uiHm0So3OIU4M5uhw
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.03 MB MD5: 6605fda867d2ff20a6832dd614e4e2db
SHA1: 45a987355d57053dad1ce19ec243878efe2a7729
SHA256: 216fbb98c79a76b1c8dc50069b37228ba23b2d57e0b354fcbccfb316e86e81a1
SSDeep: 12288:YqT5CzKpbPURRb+9IA2aiz/LI0K0nnubuYUe16cvm6I3yrgH9esj/zLGbqE1Z/ri:3NBPY+qxv/D+z6AqyrgHTj//Gd/o0Ip7
False
\\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix 5.71 MB MD5: 290f7b3505e81ece939c27f400fc491f
SHA1: 19faa5c150ce020f3a48b371d41c9b8081a2ae85
SHA256: 6fab7ebdc72f2f2f5b2551268cc55a111432a3f5443b788d2489b5d9f5b46c84
SSDeep: 98304:uuEAUjb7BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKaKL8SfX2+Jq:e3PBkOK2Knq45mY4H5OMKkKaKL8S/8
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.63 MB MD5: 706aef133b987597f47e230a222de2ef
SHA1: 60a2760ccc8e3ecb49fc11e9886a5e999323f4d3
SHA256: 7b111dca260a73ab0f40fbe8e0c230622f5b453e71c77cae406a80ae13164c47
SSDeep: 24576:LV+T8ZCGA3MyLfPS4mkkcSpS2PG2it0mGi19nwp:DNA8afLc9pFreH9ny
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 23.08 KB MD5: ea7579ffc6be4dba8db3e1f0c0392db6
SHA1: e547d52931c3466a1eb39b61a17a7e905eb16eac
SHA256: 983ae66d7f0a633a7a421e07f61c9281d6e246836df14554b53bb7706915761e
SSDeep: 384:7HRL0KW13wGRehX0CEuVxox4DVKSSKC2h54Ti5SlgMYa/P6MEq1:FAVpSpxlSKt8i5c/P1l
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 8.63 MB MD5: 133cb8a6d350faaa9cb2f94df2eb1c4d
SHA1: 5d7829bc7c7eb2c9d3ae89df70f3e7c0ffb52bb8
SHA256: 4255305cf2494c323951d44a25854b1ca759402b4196ae4b633e370dd2a10cbe
SSDeep: 49152:xUvtxoEaQRE2r8sHGP8aQRKVCVg85OdFEyrtw0ZE1auXpX:eOdy49EouV
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 5.13 MB MD5: 60daa4c8be8485737c55f8a9304eb1d5
SHA1: db5e5312694cb7770c3068975af7bbcdc12fca15
SHA256: dac254a9793e65979fd99cc561705f344be629c273b26fcd3864b8fe5c56ac79
SSDeep: 49152:NEbgecxEPniSX+GEl7s6UiAl9T+OPdapzIcS:14PniSX05lUXplPQFIcS
False
\\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.84 MB MD5: 0c963ff76b1c4ff2cb3ce0ec2c31ea23
SHA1: a6700632ade8315b9e96bbf2cb97aa65df7dd2e6
SHA256: e8401eb87f61e0782b5fb837cba297951b0ede2745fa7a8c8633f1cedba30f9d
SSDeep: 49152:WV4YaGoDumT1r7AdXZy9KU2KUYxs35DKZ3OIKGDyXx0ciw8H7:WV4Yab1PAdXZzKUYxs3pKZnKGDyGcN8b
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.03 MB MD5: 18ecba12c05ac243e79571d6045d6224
SHA1: 31d8517252ca450913e1770523e4251d62a44b88
SHA256: acec2e3029d521b221b646a70b2e0bf846b2e9660aca0a9c653c772ff5077d13
SSDeep: 24576:qTe+kBOKQLFWQFxOzw3Aj/2dcmQptT3OyTk55am2PuIfpH9spCunwxw:v+kB3QLgQFxp3AjX+mk55ONfJ9ssunZ
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 36.81 KB MD5: 9d80d49d6aa3911211389104579c4d37
SHA1: 06be2c81cbec0a311687a018aea332fb43393c00
SHA256: 67975ea4fc61bf58d9984845bed5373f53a55d6778f711fc21a88a2d35a35fba
SSDeep: 768:eU4v7Vxg5MLDDOV24FeWF3sqZzLeO2wXCGPirtT:e7v7VxuF3sZO2HdT
False
Host Behavior
File (1640)
»
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\preoobe.cmd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$WINRE_BACKUP_PARTITION.MARKER desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\preoobe.cmd desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\preoobe.cmd.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1031\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1031\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1031\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1032\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1032\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1032\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1031\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1031\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1031\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1033\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1033\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1033\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1035\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1035\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1035\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1032\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1032\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1032\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1033\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1033\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1033\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1036\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1036\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1036\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1035\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1035\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1035\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1037\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1037\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1037\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1038\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1038\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1038\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1040\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1040\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1040\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1036\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1036\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1036\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1041\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1041\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1041\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1037\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1037\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1037\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1042\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1042\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1042\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1043\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1038\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1038\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1038\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1043\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1043\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1040\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1040\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1040\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1044\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1044\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1044\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1045\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1045\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1045\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1041\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1041\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1041\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1046\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1046\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1046\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1042\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1042\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1042\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1049\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1049\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1049\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1043\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1043\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1043\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1044\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1044\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1044\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1053\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1053\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1053\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1045\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1045\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1045\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1055\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1055\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1055\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2052\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\2052\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2052\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2070\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\2070\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2070\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3076\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\3076\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3076\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3082\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\3082\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3082\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\DisplayIcon.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\DisplayIcon.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\DisplayIcon.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Print.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1046\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1046\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1046\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Print.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Print.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1049\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1049\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1049\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1053\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1053\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1053\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1055\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1055\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1055\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2052\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\2052\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2052\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2070\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\2070\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2070\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3076\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\3076\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3076\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3082\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\3082\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3082\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Save.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Save.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Save.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Setup.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Setup.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\Setup.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\stop.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\stop.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\stop.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Client\UiInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\DHtmlHeader.html desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\DHtmlHeader.html desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\DHtmlHeader.html.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Client\UiInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Client\UiInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\warn.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\warn.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Graphics\warn.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Core.mzz desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Core.mzz.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\header.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\header.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\header.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\ParameterInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupUi.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\ParameterInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\ParameterInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupUi.xsd desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupUi.xsd.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SplashScreen.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\SplashScreen.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SplashScreen.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Strings.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Strings.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Strings.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\UiInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\UiInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\UiInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\watermark.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BOOTSTAT.DAT desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Boot\BOOTSTAT.DAT desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Boot\BOOTSTAT.DAT.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\watermark.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\watermark.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\BOOTSECT.BAK desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\BOOTSECT.BAK desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\BOOTSECT.BAK.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Extended.mzz desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Extended.mzz.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Setup.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Setup.exe desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Setup.exe.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupEngine.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupEngine.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupEngine.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupUi.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupUi.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupUi.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupUtility.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupUtility.exe desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\SetupUtility.exe.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\sqmapi.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\sqmapi.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\sqmapi.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll type = size, size_out = 144072 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd type = size, size_out = 577 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log type = size, size_out = 6004 True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log type = size, size_out = 42674 True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini type = size, size_out = 74 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\preoobe.cmd type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\preoobe.cmd.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini type = size, size_out = 156 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log type = size, size_out = 40 True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini type = size, size_out = 129 True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini type = file_attributes True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini type = size, size_out = 129 True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini type = file_attributes True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\eula.rtf type = size, size_out = 7567 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd type = size, size_out = 307 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml type = size, size_out = 74214 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$WINRE_BACKUP_PARTITION.MARKER type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\SetupResources.dll type = size, size_out = 14168 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = size, size_out = 17240 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml type = size, size_out = 60816 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\eula.rtf type = size, size_out = 6309 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml type = size, size_out = 80970 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = size, size_out = 3726 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\SetupResources.dll type = size, size_out = 19288 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\eula.rtf type = size, size_out = 3314 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml type = size, size_out = 77748 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\eula.rtf type = size, size_out = 3419 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml type = size, size_out = 82346 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\SetupResources.dll type = size, size_out = 17240 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\eula.rtf type = size, size_out = 8876 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml type = size, size_out = 86284 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml type = size, size_out = 3188 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml type = size, size_out = 77232 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\eula.rtf type = size, size_out = 3702 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\SetupResources.dll type = size, size_out = 16728 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml type = size, size_out = 77022 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\eula.rtf type = size, size_out = 3526 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml type = size, size_out = 82962 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\SetupResources.dll type = size, size_out = 15704 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\eula.rtf type = size, size_out = 6851 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\SetupResources.dll type = size, size_out = 15192 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\eula.rtf type = size, size_out = 4254 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml type = size, size_out = 72076 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\SetupResources.dll type = size, size_out = 19288 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml type = size, size_out = 86442 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\eula.rtf type = size, size_out = 3643 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\SetupResources.dll type = size, size_out = 17752 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml type = size, size_out = 80060 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\eula.rtf type = size, size_out = 10125 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml type = size, size_out = 68226 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\eula.rtf type = size, size_out = 12687 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml type = size, size_out = 65238 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\eula.rtf type = size, size_out = 3546 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml type = size, size_out = 79634 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\eula.rtf type = size, size_out = 3046 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml type = size, size_out = 79296 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\SetupResources.dll type = size, size_out = 17752 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\eula.rtf type = size, size_out = 4040 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\SetupResources.dll type = size, size_out = 17752 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\SetupResources.dll type = size, size_out = 14168 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\SetupResources.dll type = size, size_out = 14168 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\DisplayIcon.ico type = size, size_out = 88533 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\DisplayIcon.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\DisplayIcon.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml type = size, size_out = 82374 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\eula.rtf type = size, size_out = 3683 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico type = size, size_out = 1150 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Print.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Print.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml type = size, size_out = 80738 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\eula.rtf type = size, size_out = 54456 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml type = size, size_out = 81482 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\eula.rtf type = size, size_out = 3865 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml type = size, size_out = 77680 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\eula.rtf type = size, size_out = 3859 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml type = size, size_out = 76818 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\eula.rtf type = size, size_out = 5827 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml type = size, size_out = 60684 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\eula.rtf type = size, size_out = 4015 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml type = size, size_out = 80254 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\eula.rtf type = size, size_out = 6309 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml type = size, size_out = 60816 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\eula.rtf type = size, size_out = 3069 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\eula.rtf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml type = size, size_out = 79996 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = size, size_out = 1150 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Save.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Save.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml type = size, size_out = 201796 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Setup.ico type = size, size_out = 36710 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Setup.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Setup.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\stop.ico type = size, size_out = 10134 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\stop.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\stop.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico type = size, size_out = 1150 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\DHtmlHeader.html type = size, size_out = 16118 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\DHtmlHeader.html type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\DHtmlHeader.html.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Client\UiInfo.xml type = size, size_out = 39042 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Client\UiInfo.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Client\UiInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico type = size, size_out = 1150 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml type = size, size_out = 93314 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\warn.ico type = size, size_out = 10134 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\warn.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\warn.ico.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Core.mzz type = size, size_out = 181483595 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Core.mzz type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml type = size, size_out = 39050 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi type = size, size_out = 1901056 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\header.bmp type = size, size_out = 3628 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\header.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\header.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupUi.xsd type = size, size_out = 30120 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupUi.xsd type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupUi.xsd.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\ParameterInfo.xml type = size, size_out = 272046 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\ParameterInfo.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\ParameterInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SplashScreen.bmp type = size, size_out = 41080 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SplashScreen.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SplashScreen.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Strings.xml type = size, size_out = 14084 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Strings.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Strings.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\UiInfo.xml type = size, size_out = 38898 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\UiInfo.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\UiInfo.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi type = size, size_out = 1163264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\BOOTSTAT.DAT type = size, size_out = 65536 True 1
Fn
Get Info \\?\C:\Boot\BOOTSTAT.DAT type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\BOOTSTAT.DAT.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b type = size, size_out = 104072 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\watermark.bmp type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\watermark.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\BOOTSECT.BAK type = size, size_out = 8192 True 1
Fn
Get Info \\?\C:\BOOTSECT.BAK type = file_attributes True 1
Fn
Get Info \\?\C:\BOOTSECT.BAK.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\BOOTSECT.BAK.id[B4197730-0001].[absonkaine@aol.com].phoenix type = size, size_out = 4662 True 1
Fn
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml type = size, size_out = 22095 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml type = size, size_out = 21009 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat type = size, size_out = 882628 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat type = size, size_out = 3688458 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml type = size, size_out = 22095 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended.mzz type = size, size_out = 43131591 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended.mzz type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat type = size, size_out = 882628 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml type = size, size_out = 21009 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat type = size, size_out = 3688458 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml type = size, size_out = 22095 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat type = size, size_out = 882628 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi type = size, size_out = 872448 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml type = size, size_out = 21009 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi type = size, size_out = 495616 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat type = size, size_out = 3688458 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml type = size, size_out = 1974 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml type = size, size_out = 1972 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml type = size, size_out = 1382 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi type = size, size_out = 184832 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml type = size, size_out = 614 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml type = size, size_out = 5944055 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi type = size, size_out = 94720 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Setup.exe type = size, size_out = 78152 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Setup.exe type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Setup.exe.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml type = size, size_out = 614 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml type = size, size_out = 3729832 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupEngine.dll type = size, size_out = 807256 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupEngine.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupEngine.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupUi.dll type = size, size_out = 295248 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupUi.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupUi.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupUtility.exe type = size, size_out = 96088 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupUtility.exe type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\SetupUtility.exe.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\sqmapi.dll type = size, size_out = 144416 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\sqmapi.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\sqmapi.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu type = size, size_out = 5198099 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml type = size, size_out = 23532 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml type = size, size_out = 1965927 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat type = size, size_out = 1083027 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml type = size, size_out = 23345 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml type = size, size_out = 8260188 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat type = size, size_out = 4590407 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu type = size, size_out = 2192672 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu type = size, size_out = 5091790 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat type = size, size_out = 1083027 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml type = size, size_out = 37360 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml type = size, size_out = 59164 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat type = size, size_out = 4590407 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat type = file_attributes True 1
Fn
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Copy C:\Users\FD1HVy\AppData\Local\Absonkaine.exe source_filename = C:\Users\FD1HVy\Desktop\Absonkaine.exe True 1
Fn
Copy c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\Absonkaine.exe source_filename = C:\Users\FD1HVy\Desktop\Absonkaine.exe False 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\Absonkaine.exe source_filename = C:\Users\FD1HVy\Desktop\Absonkaine.exe True 1
Fn
Move \\?\C:\588bce7c90097ed212\netfx_Core.mzz.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\netfx_Core.mzz True 1
Fn
Move \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi True 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat True 1
Fn
Move \\?\C:\588bce7c90097ed212\netfx_Extended.mzz.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\netfx_Extended.mzz True 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat True 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat True 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml True 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml True 1
Fn
Move \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu True 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml True 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml True 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat True 1
Fn
Move \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu True 1
Fn
Move \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu True 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat True 1
Fn
Read \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll size = 1114368, size_out = 144072 True 1
Fn
Data
Read \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd size = 1114368, size_out = 577 True 1
Fn
Data
Read \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log size = 1114368, size_out = 6004 True 1
Fn
Data
Read \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log size = 1114368, size_out = 42674 True 1
Fn
Data
Read \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log size = 1114368, size_out = 40 True 1
Fn
Data
Read \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini size = 1114368, size_out = 129 True 1
Fn
Data
Read \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini size = 1114368, size_out = 129 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1025\eula.rtf size = 1114368, size_out = 7567 True 1
Fn
Data
Read \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd size = 1114368, size_out = 307 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml size = 1114368, size_out = 74 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1028\SetupResources.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix size = 1114368, size_out = 74214 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1025\SetupResources.dll size = 1114368, size_out = 17240 True 1
Fn
Data
Read \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini size = 1114368, size_out = 156 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1029\SetupResources.dll size = 1114368, size_out = 18264 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1028\SetupResources.dll size = 1114368, size_out = 14168 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml size = 1114368, size_out = 60816 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1030\SetupResources.dll size = 1114368, size_out = 18264 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1028\eula.rtf size = 1114368, size_out = 6309 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml size = 1114368, size_out = 80970 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1029\eula.rtf size = 1114368, size_out = 3726 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1030\eula.rtf size = 1114368, size_out = 3314 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml size = 1114368, size_out = 77748 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1031\SetupResources.dll size = 1114368, size_out = 18776 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1032\SetupResources.dll size = 1114368, size_out = 19288 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1031\eula.rtf size = 1114368, size_out = 3419 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml size = 1114368, size_out = 82346 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1032\eula.rtf size = 1114368, size_out = 8876 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml size = 1114368, size_out = 86284 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1035\SetupResources.dll size = 1114368, size_out = 18264 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1033\SetupResources.dll size = 1114368, size_out = 17240 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml size = 1114368, size_out = 77232 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1033\eula.rtf size = 1114368, size_out = 3188 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1036\SetupResources.dll size = 1114368, size_out = 18776 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1035\eula.rtf size = 1114368, size_out = 3702 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1037\SetupResources.dll size = 1114368, size_out = 16728 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml size = 1114368, size_out = 77022 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1036\eula.rtf size = 1114368, size_out = 3526 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix size = 144 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix size = 242 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix size = 144 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix size = 242 True 1
Fn
Data
Delete \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml - True 1
Fn
For performance reasons, the remaining 583 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (20)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 7476064, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 7476128, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 115, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 7476400, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 192, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run value_name = Absonkaine, data = C:\Users\FD1HVy\AppData\Local\Absonkaine.exe, size = 88, type = REG_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = Absonkaine, data = C:\Users\FD1HVy\AppData\Local\Absonkaine.exe, size = 88, type = REG_SZ True 1
Fn
Process (4)
»
Operation Process Additional Information Success Count Logfile
Create C:\Users\FD1HVy\Desktop\Absonkaine.exe os_pid = 0xd38, show_window = SW_HIDE True 1
Fn
Create C:\WINDOWS\system32\cmd.exe os_pid = 0xd48, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create C:\WINDOWS\system32\cmd.exe os_pid = 0xea0, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Open c:\windows\explorer.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module (33)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 12
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x761b0000 True 1
Fn
Get Filename - process_name = c:\users\fd1hvy\desktop\absonkaine.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Absonkaine.exe, size = 260 True 7
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x75ea4ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x75ea4b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x75ea4b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x75ea4b00 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 True 7
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CreateProcessWithTokenW, address_out = 0x761c0c70 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x75ea6b50 True 1
Fn
System (51)
»
Operation Additional Information Success Count Logfile
Sleep duration = 5000 milliseconds (5.000 seconds) True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 47
Fn
Get Time type = Ticks, time = 138421 True 1
Fn
Get Info type = Operating System True 2
Fn
Mutex (41)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773000 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773000 True 1
Fn
Create mutex_name = Global\0001B419773000 True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE False 4
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\0001B419773000 True 1
Fn
Release mutex_name = Global\0001B419773000 True 1
Fn
Release mutex_name = Global\0001B419773000 True 2
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #2: absonkaine.exe
110 0
»
Information Value
ID #2
File Name c:\users\fd1hvy\desktop\absonkaine.exe
Command Line "C:\Users\FD1HVy\Desktop\Absonkaine.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:00:49, Reason: Child Process
Unmonitor End Time: 00:04:47, Reason: Terminated by Timeout
Monitor Duration 00:03:57
OS Process Information
»
Information Value
PID 0xd38
Parent PID 0xa78 (c:\users\fd1hvy\desktop\absonkaine.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D4C
0x D64
0x D6C
0x ED8
0x F0C
0x B6C
0x F6C
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\FD1HVy\Desktop\Absonkaine.exe 71.00 KB MD5: 62d3580c88222c59a276a2df8445758c
SHA1: 8a707b397796972317bcaa55bdef23b305824840
SHA256: 3bbac55728d38c1bcaac6b6fece73fb7a66ac3a0a71093bcacd4577c351db989
SSDeep: 1536:RFOPbkyoTwtPto0Rl0DsN9/zLec5oGFACZrqdKQNYDwOozDmAU:RYPxAwtPtoe/zLaGmCZrqcQSsznU
False
Host Behavior
File (6)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Copy C:\Users\FD1HVy\AppData\Local\Absonkaine.exe source_filename = C:\Users\FD1HVy\Desktop\Absonkaine.exe True 1
Fn
Copy c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\Absonkaine.exe source_filename = C:\Users\FD1HVy\Desktop\Absonkaine.exe True 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\Absonkaine.exe source_filename = C:\Users\FD1HVy\Desktop\Absonkaine.exe False 1
Fn
Registry (19)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 15864672, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 15864736, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 115, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 15865008, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 192, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = Absonkaine, data = C:\Users\FD1HVy\AppData\Local\Absonkaine.exe, size = 88, type = REG_SZ True 1
Fn
Module (13)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 3
Fn
Get Filename - process_name = c:\users\fd1hvy\desktop\absonkaine.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Absonkaine.exe, size = 260 True 6
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x75ea4ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x75ea4b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x75ea4b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x75ea4b00 True 1
Fn
System (30)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = NQDPDE True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 26
Fn
Sleep duration = -1 (infinite) False 1
Fn
Get Time type = Ticks, time = 141156 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (30)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773000 True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 11
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 5
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #3: cmd.exe
189 0
»
Information Value
ID #3
File Name c:\windows\system32\cmd.exe
Command Line "C:\WINDOWS\system32\cmd.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:55, Reason: Child Process
Unmonitor End Time: 00:04:47, Reason: Terminated by Timeout
Monitor Duration 00:03:52
OS Process Information
»
Information Value
PID 0xea0
Parent PID 0xa78 (c:\users\fd1hvy\desktop\absonkaine.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x CE0
0x D58
Host Behavior
File (140)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\FD1HVy\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 8
Fn
Get Info STD_INPUT_HANDLE type = file_type True 3
Fn
Open STD_OUTPUT_HANDLE - True 19
Fn
Open STD_INPUT_HANDLE - True 54
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 47
Fn
Data
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 3
Fn
Data
Write STD_OUTPUT_HANDLE size = 52 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 24 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 47 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 4, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (2)
»
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\netsh.exe os_pid = 0x42c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\WINDOWS\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (1)
»
Operation Process Additional Information Success Count Logfile
Read C:\WINDOWS\system32\netsh.exe address = 812008398848, size = 1952 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x7ff931f40000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x7ff79e1f0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x7ff92fdd0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x7ff92fdea990 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7ff92fdee830 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x7ff92fdee300 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x7ff931fe56b0 True 1
Fn
System (1)
»
Operation Additional Information Success Count Logfile
Get Info type = Operating System True 1
Fn
Environment (16)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 5
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\FD1HVy\Desktop True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Process #4: cmd.exe
243 0
»
Information Value
ID #4
File Name c:\windows\system32\cmd.exe
Command Line "C:\WINDOWS\system32\cmd.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:55, Reason: Child Process
Unmonitor End Time: 00:04:47, Reason: Terminated by Timeout
Monitor Duration 00:03:52
OS Process Information
»
Information Value
PID 0xd48
Parent PID 0xa78 (c:\users\fd1hvy\desktop\absonkaine.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x ED0
0x CDC
Host Behavior
File (186)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\FD1HVy\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 11
Fn
Get Info STD_INPUT_HANDLE type = file_type True 5
Fn
Open STD_OUTPUT_HANDLE - True 28
Fn
Open STD_INPUT_HANDLE - True 71
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 59
Fn
Data
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 4
Fn
Data
Write STD_OUTPUT_HANDLE size = 52 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 24 True 2
Fn
Data
Write STD_OUTPUT_HANDLE size = 36 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 23 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 4, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (3)
»
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\vssadmin.exe os_pid = 0xf34, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\System32\Wbem\WMIC.exe creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL False 1
Fn
Get Info C:\WINDOWS\system32\vssadmin.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (1)
»
Operation Process Additional Information Success Count Logfile
Read C:\WINDOWS\system32\vssadmin.exe address = 815958138880, size = 1952 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x7ff931f40000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x7ff79e1f0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x7ff92fdd0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x7ff92fdea990 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7ff92fdee830 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x7ff92fdee300 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x7ff931fe56b0 True 1
Fn
System (1)
»
Operation Additional Information Success Count Logfile
Get Info type = Operating System True 1
Fn
Environment (23)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 7
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 3
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 3
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 2
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\FD1HVy\Desktop True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Set Environment String name = =ExitCode, value = 00000002 True 1
Fn
Set Environment String name = =ExitCodeAscii True 1
Fn
Process #7: netsh.exe
39 0
»
Information Value
ID #7
File Name c:\windows\system32\netsh.exe
Command Line netsh advfirewall set currentprofile state off
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:01:03, Reason: Child Process
Unmonitor End Time: 00:04:47, Reason: Terminated by Timeout
Monitor Duration 00:03:44
OS Process Information
»
Information Value
PID 0x42c
Parent PID 0xea0 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 6CC
0x 174
0x D68
0x B60
Host Behavior
Registry (10)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Module (21)
»
Operation Module Additional Information Success Count Logfile
Load api-ms-win-appmodel-runtime-l1-1-0.dll base_address = 0x7ff92e3f0000 True 1
Fn
Load IFMON.DLL base_address = 0x7ff911720000 True 1
Fn
Load RASMONTR.DLL base_address = 0x7ff91ac30000 True 1
Fn
Load MSVCRT.DLL base_address = 0x7ff931a40000 True 1
Fn
Load C:\WINDOWS\system32\MFC42LOC.DLL base_address = 0x0 False 1
Fn
Load AUTHFWCFG.DLL base_address = 0x7ff913c00000 True 1
Fn
Load DHCPCMONITOR.DLL base_address = 0x7ff9155d0000 True 1
Fn
Load DOT3CFG.DLL base_address = 0x7ff913b30000 True 1
Fn
Load FWCFG.DLL base_address = 0x7ff913a10000 True 1
Fn
Load HNETMON.DLL base_address = 0x7ff913a00000 True 1
Fn
Load NETIOHLP.DLL - False 1
Fn
Get Handle c:\windows\system32\netsh.exe base_address = 0x7ff7b2bc0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\WINDOWS\system32\MFC42u.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\ifmon.dll function = InitHelperDll, address_out = 0x7ff911721310 True 1
Fn
Get Address c:\windows\system32\rasmontr.dll function = InitHelperDll, address_out = 0x7ff91ac45850 True 1
Fn
Get Address c:\windows\system32\authfwcfg.dll function = InitHelperDll, address_out = 0x7ff913c01430 True 1
Fn
Get Address c:\windows\system32\dhcpcmonitor.dll function = InitHelperDll, address_out = 0x7ff9155d1610 True 1
Fn
Get Address c:\windows\system32\dot3cfg.dll function = InitHelperDll, address_out = 0x7ff913b31100 True 1
Fn
Get Address c:\windows\system32\fwcfg.dll function = InitHelperDll, address_out = 0x7ff913a111f0 True 1
Fn
Get Address c:\windows\system32\hnetmon.dll function = InitHelperDll, address_out = 0x7ff913a02060 True 1
Fn
System (8)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 915, y_out = 123 True 1
Fn
Get Info type = Operating System True 6
Fn
Get Info type = System Directory, result_out = C:\WINDOWS\system32 True 1
Fn
Process #8: vssadmin.exe
0 0
»
Information Value
ID #8
File Name c:\windows\system32\vssadmin.exe
Command Line vssadmin delete shadows /all /quiet
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:01:04, Reason: Child Process
Unmonitor End Time: 00:01:23, Reason: Self Terminated
Monitor Duration 00:00:19
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xf34
Parent PID 0xd48 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x F1C
0x 48C
0x F18
0x D90
0x 9B4
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
vssadmin.exe 0x7FF60F000000 0x7FF60F026FFF Process Termination - 64-bit - False False
Process #9: absonkaine.exe
1615 0
»
Information Value
ID #9
File Name c:\programdata\microsoft\windows\start menu\programs\startup\absonkaine.exe
Command Line "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:44, Reason: Autostart
Unmonitor End Time: 00:04:47, Reason: Terminated by Timeout
Monitor Duration 00:01:03
OS Process Information
»
Information Value
PID 0xe40
Parent PID 0xb04 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x E44
0x E4C
0x E50
0x E6C
0x E70
0x E74
0x E7C
0x E80
0x E84
0x E88
0x E8C
0x E90
0x F1C
0x F20
0x F24
0x F28
0x F2C
0x F30
0x F34
0x F38
0x F3C
0x F40
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
\\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.79 MB MD5: 77254dc7dc7c5f26d89ddc33dedc9f05
SHA1: 294dcd45a8337fcc7e6a8e928428725d9a3365d3
SHA256: 1a34cadd97e71b4397234830dcf65745b04ab02c7138853eddd8b56a01214285
SSDeep: 49152:oJ6tDuv7GuMRau8yuXQFKUYcs3HVKf3rhKi2lkyghVsf9peEKYK4:oJbGnRau84KUYcs31KfFKTR7eE5K4
False
\\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.27 KB MD5: 04ffeca3bd4d72b537bed10f4a1537ee
SHA1: a72e52c62df473ece5270db434456be8d880c2a2
SHA256: 83c01d3e19804940637eac02c61b5a4afbd9808671bbfaa34d9dff6e1c16e0e3
SSDeep: 1536:tL136ywWDjdTlEObWd+TY9zObfSC895pxYYsN9+G9Ihicju:yLsjdTyOwUY9zih87pxYl9hyhru
False
\\?\C:\Logs\Application.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.27 KB MD5: af77d0a6e48d04289adf247fe79a7807
SHA1: 9da7454e72487ead68f148ebe38220ed43ad9b5a
SHA256: 29dbdd0562d8a181bd2f74e0f048e105c61c0d37965b9b3f90e9c966244a9ab0
SSDeep: 1536:LktSo2ji3KFSD6UV5iaIr5QxHgLLJ69lcItgr75czjq0M9RM2cNgB:Lgx74U6UViEgLLCcIwmq0M9RQN0
False
\\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.27 KB MD5: e52590730537a8a567882db56bc7fb5f
SHA1: 6c7bd1244fdcea1029c73fa11feb9056e4e0c2d4
SHA256: 43841b4b3c3556248f21dd17f4681c6e223629afb08760b33e96b0c229b7e63b
SSDeep: 1536:T9gKcYVsJ/NJssXdOse4coBQzJgAKmXIkQOZInn4sYFwmprBHp:T9g0aF+4cUQzJgASn4fwmNBHp
False
\\?\C:\Logs\Key Management Service.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.28 KB MD5: 170fe591d737342ef47b63abb323d0cb
SHA1: d35cc0b9564e61875b32866c89cd854a212711d9
SHA256: 9d76df5c4ee29fe72fda1ab6b331b9cc8701954632e379bc582e62b3645d956b
SSDeep: 1536:ygkjk9wRsjsM15HcTrKVygMBkpJpDJgisN5yC4uXDjv416AdrYMAN6Ih3:ygkA9uKsM1t7mkvpDyisLRXzAVCN6+
False
\\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 7de3f3c00b2bab8ad97f9749cedd210c
SHA1: 9c5b3f9d2a6c2c3493d1f4516ad8426f5b9be21d
SHA256: f49ee19686d2419a7a628407c270b5424bd54ba8bf74ecdfd1d7ad3cba9ffddd
SSDeep: 1536:uaB4J+F8CYvrrdtnTQDUIgCY60bu9Zwkni1rnO/+kdgp8:NUu8CoDUDUIgnD0ZtQzfUr
False
\\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.38 KB MD5: 5a3dd37ffb9ec434ccea1018bea6989c
SHA1: cc7d7b1d21acf72f8ca6cd555c349ab6a8cb2d2b
SHA256: 6f037af4d8b802bf8fe8f5a5b2d04b2add68004cffa250ead6af7e1b04d12a02
SSDeep: 1536:lFhxDZDdUOOBHOI7cpD0TgyfvhDX/HPh4Zt+:ltBgHz7c0TgyfJD3h4Zt+
False
\\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.00 MB MD5: 3754421cf3dc61f3cb1a60e5e51c726f
SHA1: d1d31101d4d8ab3dae4f555c82b3f6a179c1f88c
SHA256: 38c3f73fbdc2a80afaaef89ed696e302e4d3cdbd20901085e4789e542b4746a5
SSDeep: 24576:wPYnNDguZ0azSTcaAyPst3ikiwnEYm/2GKO9himhratN:wPWVxZATTsEYi2TGsY+f
False
Host Behavior
File (1393)
»
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$WINRE_BACKUP_PARTITION.MARKER desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BCD.LOG1 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG2 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\bootspaces.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\bootspaces.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\bootvhd.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bootvhd.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\cs-CZ\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-GB\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-GB\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-MX\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-MX\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\et-EE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\et-EE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\chs_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\cht_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\jpn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\kor_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgunn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\malgunn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\malgun_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgun_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segmono_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segoen_slboot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segoen_slboot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segoe_slboot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segmono_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segoe_slboot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-CA\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-CA\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hr-HR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hr-HR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\lt-LT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\lt-LT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\lv-LV\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\lv-LV\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nl-NL\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pl-PL\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pl-PL\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-BR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-BR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-PT\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-PT\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\qps-ploc\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\qps-ploc\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\qps-ploc\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\qps-ploc\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Resources\bootres.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Resources\bootres.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Resources\en-US\bootres.dll.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Resources\en-US\bootres.dll.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ro-RO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ro-RO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ru-RU\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ru-RU\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sk-SK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sk-SK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sl-SI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sl-SI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sv-SE\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sv-SE\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\tr-TR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\tr-TR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\uk-UA\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\uk-UA\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-CN\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-CN\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-HK\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-HK\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-TW\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-TW\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\BOOTNXT desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\hiberfil.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Logs\Application.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\BOOTNXT desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Logs\HardwareEvents.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Application.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Application.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\HardwareEvents.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Internet Explorer.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Internet Explorer.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Key Management Service.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Key Management Service.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Key Management Service.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default User.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\FD1HVy.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-32.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-32.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-48.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-48.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.0.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.0.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{07CE7F5B-73F4-4BAD-B449-5B3E959DEF86}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{07CE7F5B-73F4-4BAD-B449-5B3E959DEF86}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{2A2E4B23-55E7-4066-BF56-40A8C2ACF003}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{2A2E4B23-55E7-4066-BF56-40A8C2ACF003}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{427A2095-CED1-467F-8647-D13F664E7313}.2.ver0x0000000000000002.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{427A2095-CED1-467F-8647-D13F664E7313}.2.ver0x0000000000000002.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{427A2095-CED1-467F-8647-D13F664E7313}.2.ver0x0000000000000003.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{427A2095-CED1-467F-8647-D13F664E7313}.2.ver0x0000000000000003.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{599D1469-EB61-443B-9556-EE3AA24908DA}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{599D1469-EB61-443B-9556-EE3AA24908DA}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{5B6DB04B-B054-4120-9EE4-33A79FF53BC3}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{5B6DB04B-B054-4120-9EE4-33A79FF53BC3}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{696521D6-0C3C-47A9-8A08-62A21834D2F0}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{696521D6-0C3C-47A9-8A08-62A21834D2F0}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000014.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000014.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000016.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000016.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{7BF8DBD1-8EE0-446A-8D07-1D22E4418D9A}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{7BF8DBD1-8EE0-446A-8D07-1D22E4418D9A}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{7BF8DBD1-8EE0-446A-8D07-1D22E4418D9A}.2.ver0x0000000000000002.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{7BF8DBD1-8EE0-446A-8D07-1D22E4418D9A}.2.ver0x0000000000000002.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{9961E15C-3F61-4FA0-9F93-F635907C374B}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{9961E15C-3F61-4FA0-9F93-F635907C374B}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{B8C80385-EAD5-4543-9080-86ADA8E81DD5}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{B8C80385-EAD5-4543-9080-86ADA8E81DD5}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{E14796D4-F769-4AA4-85DC-E9FFE52AEEB4}.2.ver0x0000000000000001.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\Caches\{E14796D4-F769-4AA4-85DC-E9FFE52AEEB4}.2.ver0x0000000000000001.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini type = size, size_out = 129 True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini type = file_attributes True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes True 1
Fn
Get Info \\?\C:\$WINRE_BACKUP_PARTITION.MARKER type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\Boot\BCD.LOG1 type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\Boot\BCD.LOG2 type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\Boot\bg-BG\bootmgr.exe.mui type = size, size_out = 77664 True 1
Fn
Get Info \\?\C:\Boot\bg-BG\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\bg-BG\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu type = size, size_out = 2141433 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\bootspaces.dll type = size, size_out = 95648 True 1
Fn
Get Info \\?\C:\Boot\bootspaces.dll type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\bootspaces.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\bootvhd.dll type = size, size_out = 99744 True 1
Fn
Get Info \\?\C:\Boot\bootvhd.dll type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\bootvhd.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui type = size, size_out = 76632 True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\cs-CZ\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\cs-CZ\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui type = size, size_out = 75616 True 1
Fn
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\da-DK\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\da-DK\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\da-DK\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b type = size, size_out = 4662 True 1
Fn
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui type = size, size_out = 79200 True 1
Fn
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\de-DE\memtest.exe.mui type = size, size_out = 45984 True 1
Fn
Get Info \\?\C:\Boot\de-DE\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\de-DE\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui type = size, size_out = 80224 True 1
Fn
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\el-GR\memtest.exe.mui type = size, size_out = 46496 True 1
Fn
Get Info \\?\C:\Boot\el-GR\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\el-GR\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\en-GB\bootmgr.exe.mui type = size, size_out = 74072 True 1
Fn
Get Info \\?\C:\Boot\en-GB\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\en-GB\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui type = size, size_out = 74144 True 1
Fn
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\en-US\memtest.exe.mui type = size, size_out = 44960 True 1
Fn
Get Info \\?\C:\Boot\en-US\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\en-US\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui type = size, size_out = 77664 True 1
Fn
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\es-ES\memtest.exe.mui type = size, size_out = 45984 True 1
Fn
Get Info \\?\C:\Boot\es-ES\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\es-ES\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\es-MX\bootmgr.exe.mui type = size, size_out = 77664 True 1
Fn
Get Info \\?\C:\Boot\es-MX\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\es-MX\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\et-EE\bootmgr.exe.mui type = size, size_out = 75104 True 1
Fn
Get Info \\?\C:\Boot\et-EE\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\et-EE\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui type = size, size_out = 76640 True 1
Fn
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\fi-FI\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\fi-FI\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fi-FI\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\chs_boot.ttf type = size, size_out = 3695719 True 1
Fn
Get Info \\?\C:\Boot\Fonts\chs_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\cht_boot.ttf type = size, size_out = 3878410 True 1
Fn
Get Info \\?\C:\Boot\Fonts\cht_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml type = size, size_out = 1985867 True 1
Fn
Get Info \\?\C:\Boot\Fonts\jpn_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml type = size, size_out = 59164 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\kor_boot.ttf type = size, size_out = 2042 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml type = size, size_out = 16148 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml type = size, size_out = 9818 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml type = size, size_out = 236956 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml type = size, size_out = 36720 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml type = size, size_out = 36750 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml type = size, size_out = 6158 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml type = size, size_out = 104348 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml type = size, size_out = 23444 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml type = size, size_out = 27466 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml type = size, size_out = 324596 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml type = size, size_out = 104560 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml type = size, size_out = 2042 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml type = size, size_out = 97084 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml type = size, size_out = 19018 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml type = size, size_out = 1526 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml type = size, size_out = 11048 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml type = size, size_out = 2310 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml type = size, size_out = 11146 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml type = size, size_out = 94612 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml type = size, size_out = 96644 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml type = size, size_out = 720348 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml type = size, size_out = 103844 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml type = size, size_out = 26782 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml type = size, size_out = 29766 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml type = size, size_out = 32926 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml type = size, size_out = 25518 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml type = size, size_out = 24558 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml type = size, size_out = 24558 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml type = size, size_out = 2042 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml type = size, size_out = 77386 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml type = size, size_out = 14132 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml type = size, size_out = 731118 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml type = size, size_out = 174846 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml type = size, size_out = 986292 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml type = size, size_out = 86894 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml type = size, size_out = 78078 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml type = size, size_out = 3304 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml type = size, size_out = 2373000 True 1
Fn
Get Info \\?\C:\Boot\Fonts\kor_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml type = size, size_out = 3238 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\malgunn_boot.ttf type = size, size_out = 174959 True 1
Fn
Get Info \\?\C:\Boot\Fonts\malgunn_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\malgunn_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml type = size, size_out = 2913 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png type = size, size_out = 129745 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png type = size, size_out = 177414 True 1
Fn
Get Info \\?\C:\Boot\Fonts\malgun_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\malgun_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png type = size, size_out = 28865 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\meiryo_boot.ttf type = size, size_out = 44488 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png type = size, size_out = 143754 True 1
Fn
Get Info \\?\C:\Boot\Fonts\meiryon_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\meiryon_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png type = size, size_out = 145419 True 1
Fn
Get Info \\?\C:\Boot\Fonts\meiryo_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\meiryo_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\msjhn_boot.ttf type = size, size_out = 162331 True 1
Fn
Get Info \\?\C:\Boot\Fonts\msjhn_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\msjhn_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\msyhn_boot.ttf type = size, size_out = 164347 True 1
Fn
Get Info \\?\C:\Boot\Fonts\msjh_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\msjh_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\msyhn_boot.ttf type = size, size_out = 154427 True 1
Fn
Get Info \\?\C:\Boot\Fonts\msyhn_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\msyhn_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\msyh_boot.ttf type = size, size_out = 156245 True 1
Fn
Get Info \\?\C:\Boot\Fonts\msyh_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\msyh_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\segoen_slboot.ttf type = size, size_out = 44859 True 1
Fn
Get Info \\?\C:\Boot\Fonts\segmono_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\segmono_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\segoen_slboot.ttf type = size, size_out = 85862 True 1
Fn
Get Info \\?\C:\Boot\Fonts\segoen_slboot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\segoen_slboot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Fonts\segoe_slboot.ttf type = size, size_out = 86178 True 1
Fn
Get Info \\?\C:\Boot\Fonts\segoe_slboot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\segoe_slboot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\fr-CA\bootmgr.exe.mui type = size, size_out = 79200 True 1
Fn
Get Info \\?\C:\Boot\fr-CA\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fr-CA\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui type = size, size_out = 79192 True 1
Fn
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\fr-FR\memtest.exe.mui type = size, size_out = 45984 True 1
Fn
Get Info \\?\C:\Boot\fr-FR\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fr-FR\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\hr-HR\bootmgr.exe.mui type = size, size_out = 76640 True 1
Fn
Get Info \\?\C:\Boot\hr-HR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\hr-HR\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui type = size, size_out = 78688 True 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\hu-HU\memtest.exe.mui type = size, size_out = 45976 True 1
Fn
Get Info \\?\C:\Boot\hu-HU\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\hu-HU\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui type = size, size_out = 77144 True 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\it-IT\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\it-IT\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\it-IT\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui type = size, size_out = 67424 True 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ja-JP\memtest.exe.mui type = size, size_out = 42904 True 1
Fn
Get Info \\?\C:\Boot\ja-JP\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ja-JP\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui type = size, size_out = 66912 True 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ko-KR\memtest.exe.mui type = size, size_out = 42912 True 1
Fn
Get Info \\?\C:\Boot\ko-KR\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ko-KR\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\lt-LT\bootmgr.exe.mui type = size, size_out = 75616 True 1
Fn
Get Info \\?\C:\Boot\lt-LT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\lt-LT\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\lv-LV\bootmgr.exe.mui type = size, size_out = 75608 True 1
Fn
Get Info \\?\C:\Boot\lv-LV\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\lv-LV\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\memtest.exe type = size, size_out = 811936 True 1
Fn
Get Info \\?\C:\Boot\memtest.exe type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\memtest.exe.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui type = size, size_out = 75616 True 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nb-NO\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\nb-NO\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nb-NO\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui type = size, size_out = 78176 True 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nl-NL\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\nl-NL\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nl-NL\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui type = size, size_out = 77656 True 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pl-PL\memtest.exe.mui type = size, size_out = 45984 True 1
Fn
Get Info \\?\C:\Boot\pl-PL\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pl-PL\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui type = size, size_out = 76640 True 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-BR\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\pt-BR\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-BR\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui type = size, size_out = 76640 True 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-PT\memtest.exe.mui type = size, size_out = 45984 True 1
Fn
Get Info \\?\C:\Boot\pt-PT\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-PT\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\qps-ploc\bootmgr.exe.mui type = size, size_out = 74080 True 1
Fn
Get Info \\?\C:\Boot\qps-ploc\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\qps-ploc\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\qps-ploc\memtest.exe.mui type = size, size_out = 54168 True 1
Fn
Get Info \\?\C:\Boot\qps-ploc\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\qps-ploc\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Resources\bootres.dll type = size, size_out = 92576 True 1
Fn
Get Info \\?\C:\Boot\Resources\bootres.dll type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Resources\bootres.dll.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Resources\en-US\bootres.dll.mui type = size, size_out = 12192 True 1
Fn
Get Info \\?\C:\Boot\Resources\en-US\bootres.dll.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Resources\en-US\bootres.dll.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ro-RO\bootmgr.exe.mui type = size, size_out = 76128 True 1
Fn
Get Info \\?\C:\Boot\ro-RO\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ro-RO\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui type = size, size_out = 77152 True 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ru-RU\memtest.exe.mui type = size, size_out = 44960 True 1
Fn
Get Info \\?\C:\Boot\ru-RU\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ru-RU\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sk-SK\bootmgr.exe.mui type = size, size_out = 77144 True 1
Fn
Get Info \\?\C:\Boot\sk-SK\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sk-SK\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sl-SI\bootmgr.exe.mui type = size, size_out = 76640 True 1
Fn
Get Info \\?\C:\Boot\sl-SI\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sl-SI\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui type = size, size_out = 77152 True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui type = size, size_out = 44888 True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui type = size, size_out = 77152 True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui type = size, size_out = 76128 True 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sv-SE\memtest.exe.mui type = size, size_out = 44952 True 1
Fn
Get Info \\?\C:\Boot\sv-SE\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sv-SE\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui type = size, size_out = 75096 True 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui type = size, size_out = 49091 True 1
Fn
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\tr-TR\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\tr-TR\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\tr-TR\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\uk-UA\bootmgr.exe.mui type = size, size_out = 77152 True 1
Fn
Get Info \\?\C:\Boot\uk-UA\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\uk-UA\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui type = size, size_out = 63840 True 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-CN\memtest.exe.mui type = size, size_out = 42400 True 1
Fn
Get Info \\?\C:\Boot\zh-CN\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-CN\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui type = size, size_out = 63832 True 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-HK\memtest.exe.mui type = size, size_out = 42328 True 1
Fn
Get Info \\?\C:\Boot\zh-HK\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-HK\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui type = size, size_out = 63840 True 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-TW\memtest.exe.mui type = size, size_out = 42392 True 1
Fn
Get Info \\?\C:\Boot\zh-TW\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-TW\memtest.exe.mui.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\bootmgr type = size, size_out = 395226 True 1
Fn
Get Info \\?\C:\bootmgr type = file_attributes True 1
Fn
Get Info \\?\C:\BOOTNXT type = size, size_out = 39379 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\bootmgr.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Application.evtx type = size, size_out = 129745 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png type = size, size_out = 1743 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png type = size, size_out = 28865 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml type = size, size_out = 1 True 1
Fn
Get Info \\?\C:\BOOTNXT type = file_attributes True 1
Fn
Get Info \\?\C:\BOOTNXT.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml type = size, size_out = 1334 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Application.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Application.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Application.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix type = size, size_out = 1334 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml type = size, size_out = 1512 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml type = size, size_out = 11364 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml type = size, size_out = 11007 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\HardwareEvents.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Internet Explorer.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Internet Explorer.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\HardwareEvents.evtx type = size, size_out = 2444 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml type = size, size_out = 28859 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml type = size, size_out = 579 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml type = size, size_out = 1284 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml type = size, size_out = 271 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml type = size, size_out = 427 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml type = size, size_out = 3257 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml type = size, size_out = 271 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix type = file_attributes False 1
Fn
Copy c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\Absonkaine.exe source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe False 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\Absonkaine.exe source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe False 1
Fn
For performance reasons, the remaining 388 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (19)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 51008368, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 51008432, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 115, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 51008704, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = Absonkaine, data = C:\Users\FD1HVy\AppData\Local\Absonkaine.exe, size = 88, type = REG_SZ True 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe show_window = SW_SHOWNORMAL True 1
Fn
Module (36)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76680000 True 15
Fn
Get Filename - process_name = c:\programdata\microsoft\windows\start menu\programs\startup\absonkaine.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe, size = 260 True 7
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76694ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76694b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76694b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x76694b00 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x76696b30 True 5
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x76696b50 True 5
Fn
System (59)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = NQDPDE True 1
Fn
Sleep duration = 5000 milliseconds (5.000 seconds) True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 54
Fn
Sleep duration = -1 (infinite) False 1
Fn
Get Time type = Ticks, time = 135203 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (78)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773000 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773001 True 2
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773001 True 2
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE False 11
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 13
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 24
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 2
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 2
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #10: absonkaine.exe
20 0
»
Information Value
ID #10
File Name c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\absonkaine.exe
Command Line "C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:46, Reason: Autostart
Unmonitor End Time: 00:03:48, Reason: Self Terminated
Monitor Duration 00:00:02
OS Process Information
»
Information Value
PID 0xe60
Parent PID 0xb04 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x E64
0x E68
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
absonkaine.exe 0x002D0000 0x002E5FFF Process Termination - 32-bit - False False
Host Behavior
File (3)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76680000 True 2
Fn
Get Handle mscoree.dll base_address = 0x0 False 1
Fn
Get Filename - process_name = c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\absonkaine.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76694ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76694b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76694b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x76694b00 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = Ticks, time = 135171 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (4)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773001 True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #12: absonkaine.exe
24827 0
»
Information Value
ID #12
File Name c:\programdata\microsoft\windows\start menu\programs\startup\absonkaine.exe
Command Line "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:54, Reason: Child Process
Unmonitor End Time: 00:04:47, Reason: Terminated by Timeout
Monitor Duration 00:00:53
OS Process Information
»
Information Value
PID 0xf9c
Parent PID 0xe40 (c:\programdata\microsoft\windows\start menu\programs\startup\absonkaine.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x FA0
0x FA4
0x FA8
0x FAC
0x FB0
0x 9E0
0x 398
0x 3A0
0x D64
0x D68
0x 914
0x 898
0x 8D0
0x 8D8
0x 634
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 703.80 KB MD5: cc67b3ccf5b68b8f78255d617821ebe1
SHA1: b46b111846731efdbfccc6588dca0f1911eb804a
SHA256: b1159b39a283c61a6617ce8eafd483fbf6c5e223e0ef76b952ff239c0bb1d58a
SSDeep: 12288:dystRMXeBzW7CTasn5pdvbE9uxFXRYlprPg3UfZ9MsasJNYcasZgUnFgw8c6MlCf:AEEa1nTdvBxFXRYlprYa9MMJKcasCUnc
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 714.30 KB MD5: 039b4f2a5ff00255b03626af66a5f00c
SHA1: abcdb6f96b0d7a8ab23870b00c3102c902eda867
SHA256: 06d2a85dbc31fe88e5b72ac3f6d1ef9b3f8c7305f3c1b77cf6711d25b077ea80
SSDeep: 12288:XB/gsSyyKrn/27SdKozPZNmVBm+A4j732o++E8O+VbLSfmyitMBmp9b09e1C7XqB:xVmKz/278Koz+VoL4ZY891Ry7kzb0GUu
False
\\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 87a59ad72de007e9dfa04f9b779db5cc
SHA1: e0b5f275741d223045e77c08c6219fbfdad39f7e
SHA256: 8bfbd6509212bfdf59960523fe86a0d6750de1bdda72c605ab99810a29226df4
SSDeep: 1536:47Bv5cThGPar4vzrE11akjB92fgQYzIPOjX4O1cGQM9vgJB2V3EBmFST2:4Vv5chnUrQ11FP2fJszDOvT2
False
\\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 8a8764fef3ccfdb4ebee816b3d01a32c
SHA1: 9f080ec4c3652b1635f63f5fdb53999c396d7aba
SHA256: 61c0321eabe2fa9044b014799843b5c0d2139c60b70850dc0f1fcb1fe0e5e741
SSDeep: 12:+9omRFiMi2pm7hdAoz26uAft842KPSy7c8Y02K9mpgMxe6/0E:KomRceA7sg2dAfK4274c8+pzE6/0E
False
\\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.35 KB MD5: 7daf0df2aa0dd883b6ff9aaf658d37f2
SHA1: b95b7ac0e8c8bafbfc3a8c6667673e32c28c1eac
SHA256: 78dee9d790d3479f824ded952387cf6dcf006d8b7d3d60de84dfa411413e2cd4
SSDeep: 1536:6LK9B5lmBEjy30VQv6xz6pBq49EDbSesOZoUDcWS2amjz:60lfyk3xzCgpo38P
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: cf91c1be94cc16c27b0572beef05d81f
SHA1: c5ac873a09b23b23632e3d68ab5d963b0f213c75
SHA256: 7e177a1d4dcb15ad6f40c1c7282bc37f7007e95deaaa4456ba59c8e24b9f9138
SSDeep: 12:OJZqmcKyEXnflf9E3hcMTCAZIEhS7c8Y02K9mpgMxe6/0E:OXp3VPlfC3KMTC2+c8+pzE6/0E
False
\\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.38 KB MD5: 59823c99c8a12cf064eeac666bff77cf
SHA1: 0615529d881058fb2a45c8fc37cf333345ea6846
SHA256: 68a16d3a2225dae160f629d8ce7388a39aa29ab472b5ea224e2cdb33de73dde0
SSDeep: 1536:twMzhwYNGytCe2f6JmTyMQ5O6Q/sq/7nVjtYaDBQg5rJDKtWo1IxRECU1:tsgtCzSOz/scnRQgdJ2tD1Ix2CU1
False
\\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: cf27c2894cae43be1e8b2b50a9440c4c
SHA1: e511a6fa471d070f178cb59a108c1214654eb085
SHA256: d24bbce2364e42ab621ccbb6438f48edc0578d73cac1db7b5691e105a715270f
SSDeep: 1536:Ebrpv0Zbc8jGomHjLGsGxHvq7pRLYka7b2akvlLwkaBG3E5e:Epv0Zo8j5mHjLLs4Y5hkvRwvQ
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.30 KB MD5: 3bf6703cbb7efe9c2d71a2329a888bcb
SHA1: 64786aa84f3391bd3afe97ccdb567bfbb3fbab6b
SHA256: df712b307da92df9a27e6f6518038e3c52dbeee0555b1128b396920ee8e6d34f
SSDeep: 48:H5MPWfn49mTEN9UYfqb6jc/TtuhaEldvvyKSNP6MmfONfEdetK1E:HNfn49mTQ93fqbZ/MhvyfpffZt+E
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 16.08 KB MD5: f8a0b68d08849b14eb723aed34d44cfe
SHA1: 01d7c5577efc6644b39d09090e4b3be880f8edf3
SHA256: 785a38b4d753fab524e6808d3150dba6cf37fd4782305fa8ce0100eb376600f4
SSDeep: 192:9M1y7IwagVJOfogq+5qbZzcquTy0jGHPJ4ILPluM6WGW4sQ5ou66Rs6rQCQ63D80:gyVaKrr0ETsWvQeu6a4C8HAQTrC1VN
False
\\?\C:\BOOTNXT.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.24 KB MD5: 1de8b455948a6adaa97210210a83a3a0
SHA1: f62a9f5396e3d760c3b7f86cdbd3d5f6bc82332f
SHA256: 82dde66f98e947b43b7d05cc78ecfbfede08ec8dc17d533fc78191007340e68d
SSDeep: 6:gEbjsRHji9R1LJovTiN8sLWF+4cvtll0E:gSsRHWAvTiHSncvJ
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 9.88 KB MD5: 9a38f4f15ef65b8042b6267e90b13c34
SHA1: 84725b0186de063f92ef46ab597af30da2fb1cd1
SHA256: 7900be71636c3d95dd00df771003017c17d7b5380c44b81384512d4009d2af86
SSDeep: 192:ZAH4b4+GxMF+YoaFlEMhK2Z2HULms4RP3DdAarXJ7uE:Zs170lTjEHAaDAQJ75
False
\\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: ed937b789ae549cb390004fd84d63077
SHA1: 3a5158b283bed8a638c45e7faacf1fcf11995b41
SHA256: c62d8ba09b736b0495dae465add2ead6c3f931e228475841dd4cef7ddbc920bf
SSDeep: 1536:UN3W2RtZiv8Bd1hGv/KkqFRoxAPPs/c5phJkWwK8R7hLwTdnWRc02BrkGW1O2U:UdTb86d1tHF+A3s/cvhnKp8ds6BrkrYV
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 36.16 KB MD5: 790db55e4788dafde61a7e1dfb44120a
SHA1: 9447ee854b6a08813611b7f18e011c010bb8f80b
SHA256: 401da5a1a9c396ff7844b1743a6c26fed0463068c6c6f83f19ceadcde7b92a31
SSDeep: 768:URwSWxXYM8UMcVHNgOuXwyWEXJb1MNcvBt7z9+AjyQ:wwS8V8X4HNg7XR5b+cphzvP
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 231.72 KB MD5: 1c8c3c049da1c0b23dd43475063ecfdd
SHA1: 50c5c4cca6c15c4f2dfccef26b30ee8e859bf0b2
SHA256: 828d9253e3de4699869c05e61cdd86f44904cec10db8b85590f74880b6f1c394
SSDeep: 6144:tx+wLcHkuCdg/VMYRuFvLLkWNGpvbcSB3aImy+AjLBm:H+VEuCWivLQWNAjcJhVAjo
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 36.21 KB MD5: c8b2eb8d1d382fc2722bc1811921ab07
SHA1: dd93fbec8219775c2d234d628840e1a4208d656e
SHA256: 3193fcbec5622d29ecf349d0eb40154eca16726e7fbb0962cc2e3493dfee2eef
SSDeep: 768:OIx5FFfd+0ClUwZle1fRQoMpZBX3l1KHJzpncdsO/:OIhFr6FZIxR0pnXV1EJFA/
False
\\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: f2246af7837b3550c0cafb5604231a28
SHA1: 2821c73670fac0363280e83a88f26e8c710a73be
SHA256: 0c7b008def42c59f8edd198199115f7ba60b4d5fd5a1bcba36939c6ed8fc580d
SSDeep: 1536:d4X2oRf0c0qk8ICiU9nkOTPZ/czqo7Es9UekC0uotiwmY3R6AVmPr:AfumICiU9vTPBcz1Es9/kR1iwmX8cr
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 6.30 KB MD5: 03e7972d647f484989a0b271dd84a379
SHA1: 9a0182663329a8ab68adaf74281234ca4528e232
SHA256: 048cc805279ba0c7dd67c37013ab7dd037d27b5c2354ffbc8ebeaedea9c9aaae
SSDeep: 192:/OCPzWB1ZJ/nDk6Dkuwcnu1eTRi7pr6D+h0F3EbwE:/OsWlbQuwcu1eTRiVrgo0REv
False
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.35 KB MD5: 407d70cfdcc487c08a3986ef88430a1d
SHA1: d793b2efc003be7ee876d0aefe5bab1937341ed1
SHA256: 7ccfe9c066b3f0cac4f30bb117ddcc209bd1d98a13c1f657a03ae81d59dbb726
SSDeep: 1536:hJtBhGwHYCxdIVWYn+a8v20Ka31G3VUjSRfl2AvQVv:hJPhGwVdIVWl55KqW2SRfwAvQVv
False
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.35 KB MD5: 466759a6fc79a316d155315ebbda0622
SHA1: d520c8be45f9e351303f75c736222b5c4eb2a853
SHA256: fabc406155c01460b03a356090d96ae386e88e2338f28e050504aac3a372f12e
SSDeep: 1536:e7hWiMwX2omsgECVddV1hY0OKRdew8QdnkOW+N8gJWgYuDypYMW:t7wX0EUV1hYGCp9ODNLOuDyXW
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 23.19 KB MD5: 28522118a203f26375b2330c132752cf
SHA1: 2789cd37e0fc5e1706a6f229f2327df6c6c33e3b
SHA256: b103a29d4010e59d47392b156564040b1f443ff9146a06e255eef9ca1ea468c6
SSDeep: 384:cohflaYyyUckXHh6qVus4EL0miUMqODToYlxxVhwm6M9XOi1Npukr+hrzi4QQAyV:HlhL7IhjVD4Rm05ToYlJLNpukar0Q9zr
False
\\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 5618df916e2e38457a45aa9705060215
SHA1: 7957b87d3650e002042a41936bbf99d208a82291
SHA256: ad1321a3ee01520143f234807e74ac3ce7850caa570d8997bc43b865b16c7d54
SSDeep: 1536:8paOoIMOyGA3Lt6Ag+jK7Y8mP21YACu8/fuV:8paOoI6GAbPg+Uvn/4fuV
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 27.13 KB MD5: 8433549df6ec8eee3bd69d3c692b081e
SHA1: 9ed5908f7fefd0f9910622c07363ecfc657419ec
SHA256: 9d482a2829ff41d661aa8286cad2c47e8fb38020edd0aa133b7073c989f54894
SSDeep: 768:bGr5ZFfjT/rFJeJFkUN8TOic0FTvffMHhRERwEA+HO3M:bS5ZZnRsJyTO1O3fMHhRERzH9
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 102.21 KB MD5: 36d607ec92de2209d5f1ff247194f217
SHA1: b86cd50b64f6f9ea3b57a5edf61f0ccaff532f2b
SHA256: 738a9940fe8923435e657faedf7ad1ed908be6b655ee2ac64b96b3c3b7e5e4d9
SSDeep: 3072:RiJQByD+WxYvmoIR/EgiojhgCF7f/avC1FcF:RiKlEYeo80ojhgCdKvC1e
False
\\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 76d2ea56f3999babb97f8cb4532eb8c0
SHA1: c09975c8cf4b5c8b2ab0d37cb104bcfb94ffe49c
SHA256: 43675cb697bf092b063fcfa20ef03085b30e43f773a8b53bdbe6c9f8359ff40c
SSDeep: 1536:RCre1cCvG2xzA4HJ1xGz+Mroh3UYoS9h7uFOfAw3Y52EBGcjY:zvxz9xsRMkhkwOfZo52ENjY
False
\\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: ad90b3c56e499e8c1099d6379a923b88
SHA1: 2cf321b128289fd5ee787b0913d92ef4becc6345
SHA256: ccfa6db0727978fe46ae0a9b1af9070b3b11ccdb39b61ff7ca090101122cc6bb
SSDeep: 1536:TjHsfjmJKUG15jU93E4TrmSzLhE99zLxF8lDTy3ZuIo0DAYKl:Tb0hABE4TrmSztEbLf8TCF7AYKl
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 317.30 KB MD5: 8aab13d56bf92d7fc305f90707c8b1a1
SHA1: 80246c93ca08d989e0ccfd3251991eba1e86e765
SHA256: a86ee7751f6be53a4b453308dcc2904cc7e2d9cc1660aa778910d5175cd71732
SSDeep: 6144:ocfCf+bD9V7+qAzHcgzHjOozYA3rbYUnbsGazP5T/D18psC+YIS6v7QOZZh:jqWbhV7wrOgYA3nVbsGaz1KsBPv8Uh
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 102.41 KB MD5: 617b865461e460a9b9397b101f6f7b0e
SHA1: d5c3a534f24706398a1008d0c82b1c98937a8e0a
SHA256: ca0e5288451869d0dcbfe310812a874ed49e4ffe588e3938c87e7b1d6bb27bf3
SSDeep: 1536:hwOy8+IBe637mrYDZ8zj7joRD669UTX5cj5MS2ctSBRi2LO/s1AC915RdVXmnS2I:2szBZC406yd7SlwjLuvC15RyS2Zi
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 95.13 KB MD5: 9c9affe804f03d2c77e692f4a083e3bc
SHA1: 6fd952ecd73ee841749f4785c0656c31e99d9df2
SHA256: 14599af60ff2eddcc91bc460e457cecad64eccf5bf1fd4692cb3cf499fcc69d6
SSDeep: 1536:sBj6gwh8WHuF279/bhV3IIN5x8Dfq2kk34WrA7GeVBBSIDRyatajTKje:sdBDtF21D3ISvgqV7VVBBLUjTOe
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 18.86 KB MD5: 44d07fc9378577bbe478e7a27925c95c
SHA1: 21ad91025ac8765732427696f4b4af6e59c9d7c7
SHA256: f4d825b6fd5393683a5be73d07f97406276bf93aa0616d5e5d467df7b8088e45
SSDeep: 384:N20d1GDPLRA/Lp31a+NupXcOL4jew1IR2dgb0k9Y7iczu:Pd1GrS/Lp31aJpXcPb7dgbnYWqu
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.30 KB MD5: 08f793bb253693caacb913c7d895a4d0
SHA1: 48b6aaf08e0f3f7497f82a588f3a7f85972068e0
SHA256: 35e830761949d345a54fa6d201d1dc6a63f307d0b213fee2988d6c751632c238
SSDeep: 48:SILzRP818ZgiZfM/q/tayR6/ezqfQypLtz17FY7UeqJTvukAzaqEK1E:SILzRk1GDdakz+QiLVYQikAzW+E
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 11.08 KB MD5: f6fc00dd8843912f262450b4711c5044
SHA1: 8f77cbf02b95a5da48278bce3eec014f6bcfeed1
SHA256: b49e0d917748561f01f1b02b506b9b8b11f02de83175075817a26c036867e43d
SSDeep: 192:U10bo5RCVfi24itPTwbEE91ZDTX7ULO+RxlYHJOr8uI7qoP9WHxbetxKPBzhxMlE:5SRCE26D7jqRxlYkrEPeyKPB9d
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.58 KB MD5: 909b89412203505bbb8ff87b325f1367
SHA1: 0807ff16693ab748223fc2e1783656f2d0f3fe76
SHA256: e67cbcb22122722d4ca9e82fad46304e4d6909eca79322310dcfd7d5d04a8768
SSDeep: 48:vCWjYCDbyIxwxeCy+2xQulslyutihIwFyo69LjKlE:vnvyIx+e/QNYZ4o+juE
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.80 KB MD5: 1e31cbab772f721de371f500f0cabc9f
SHA1: 5d2f5e2af0b3141e72a4e4de92904277f8c2ecf7
SHA256: dad092effd8ba0a46ac384714acb8ecc5adedd2a55fd7d7bf2a1a527d85a7dcc
SSDeep: 48:4othFYLNJfX/BsNQg0ZYBi7qseWTsr1pGolcWKRbK1E:ltkDPzgNBie5XPeNRb+E
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 11.17 KB MD5: 97d08a6d9b3fcaeea613721724e2e50d
SHA1: fe2bf8737718dbfef435c8ae78925daa796a7c29
SHA256: 42f6e549edee43e5ce220add977df581b24daaed5adb5a3940e87679b49650df
SSDeep: 192:x1G57qjRdQsrvDdB86syEJALHgtKrxDqAtnNaSvfYkCnD0idJ1kGs96nNj2UpuRq:s7MzQ4XQJb+9aGwZzmSXpv
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 92.72 KB MD5: 3383c8eafb7d7bb2ba2714febeaf88c6
SHA1: 1089e0e7e33f7a58607d74f90517f31ef60fb3ff
SHA256: 3fc776937401db9825789fd9b7f6825f4a396dc1f21cd6873ae63fd1f3d52859
SSDeep: 1536:tSau8+ss2ODAYJMWFlAeJz442id4VDeXm9aS+OpIY+QGMVVDe3LDbZ43iR:tS6+ND6eR442idkq29abOpIdDMiLDt42
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 94.67 KB MD5: 40cf37d26d9e15cb109c41c1c79307ef
SHA1: 31e30acbb39387737aa3178c6ba6934aad476c14
SHA256: 94918ea12661c60d4ed825f12387db41a211328a73d9fcbe4a2651a5e92ad02d
SSDeep: 1536:kd0sReU3nSVaZpkBaRbuAaTe+pE+iXwTSVNg+A0CY0ZvMbDzGQBIFKSd0gWiFFI4:LsRNUaZesKA8PpE+X2fg+ANY0pQ5BIjJ
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 101.75 KB MD5: 183b94197a0eacbf0c1feacd7c06d698
SHA1: 40595788fdea5ebe91b6be72b83297498452527c
SHA256: 2cff39fb19437262b60bb7b97158e5018d591a9374d55f8073500893aa8f2a8b
SSDeep: 3072:vBYJDuhOLTVNRpSW1QZWSwCuOWYwFDhMH:pYBuuwrvveDA
False
\\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.07 MB MD5: b49e3d20ea89a198ea30d08590a5257f
SHA1: 63bcb067728f606769483bb1588b7684ea459f3e
SHA256: 27a9232d68e510911be51cc24e173d3dc93afe47b8aa38786eaf3bd0506e1313
SSDeep: 24576:Z2r8MZDdPqbWXuS8Wb0fT3D9qSbuamQyFkXhBfaBJ1GXy:ZU5ZDdPHXuS8WCf6a9yFEWjX
False
\\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.82 MB MD5: 00253669ea1e72a27dbbdec690585b07
SHA1: cefcacc8b2cf58fb637edf266270194729b514ee
SHA256: 33447d28d4e7d27c18a38df9b3dd122624e659c29b61576a83483fdf6ed90c39
SSDeep: 24576:k7YOKvk2Mr2VcSqH3NaTEE5qE01Jn2y9Q+HY:kELvkwnqVEAT1Jn2y9hHY
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 29.39 KB MD5: b70545e058c9c6a929d1efea8b8bdf34
SHA1: 49b2cc21772cd8eeb34b2e8f06edd74c953acb9f
SHA256: ffe60f13575aaa941d0f306603353d12aa5d8c05557b90c39532266e2932bab0
SSDeep: 768:4MOZ6LTQ6ESElrrDouP2WxeZjghejQTr8ZXfm:4L0ESENfouOKe6hcawhe
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 26.46 KB MD5: 557c8c2200d9e59081f4542494ae9f8d
SHA1: c0db2945fb259f0e1185bc2561cbb4fbb66c5c78
SHA256: d6629cdeef2f8a1790f0999d1a2014293181d42391ece25f09832b7d2b65a485
SSDeep: 768:S2OOHjm7p826P75qFUzYXlVlSbWcRutBaEatF:ooG826zJQVlSbtRutf0
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 25.22 KB MD5: 55ea7add4113abbfbb73e2ec98fad26b
SHA1: 991f2eed15a3f751d8b818a0eb67a6652c67a72c
SHA256: ea61161eac3a3c46cc02f933abe646c4c1e27f62c28e8ce9fee9967d350fabeb
SSDeep: 768:DHwt2GFqA7daaMwTF700TCx9gbnWCQagLP6HEgSu:bK9wS7U9pCQPLP6HEgp
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 32.44 KB MD5: 08eb8806b1bf757bda776f950a180971
SHA1: 0610008c209a0a5f95b2970f870e407eb13d3ed2
SHA256: 06e1503812153993401c0f05eec1983ab87879fd5d5d1bc41587270d3267bab5
SSDeep: 768:WQ/vfZUFjQGsZJHKI/PIfiWeOD35Bhst3vMZA1aQSNJ:W4vhUFjQG4MPXe05UlvMa1aQSb
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 24.28 KB MD5: 56c6565b21b250d1fcac34d72a1d8e16
SHA1: 3e9a7fcbe9f042e3d524c9cf76042ea79aae8d6c
SHA256: 8439b635fbb655907dce8690319daa4e08f7b03e93c71d0c46708dd38ad022b5
SSDeep: 384:bNtoruQH6oGcTuYq8xc+w/bhTcWo5vZWiRrGj1b0EjokNNMDvIFb/rrVoHj9QDBj:bNRgQx/1TclR5qjoA8WTVoD9QDBje/C
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.28 KB MD5: bda8b6e01edd22ed88edbe92422c4004
SHA1: 3f28026984fa7bbc290cb0a14c4c49c443dfb3fe
SHA256: 68aaa41b864972b0bc39a8cffb7064b3d587338dc5f1f0ddec82f28122fcaad6
SSDeep: 48:lsaaQudMZrbS37RObhyv+G5yzCrZTqqfIG8ytVjKbGK1qNy6u+LKFE:lTVoi0vGGZGbGftV44N7jLOE
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 24.28 KB MD5: c7f581c061043e9de33733315a469d88
SHA1: 4dcaacb8dda4a7fc1cde4befd051771a139b8b72
SHA256: 9d9ef226e233b459aa15b50e7078beeae242e97f2b1ddbb50150e74df54ce7a6
SSDeep: 768:l8JvCk4fsDD2KtWVc3rdK8S5s58btaXtoahQzu:l8hCk4kjtqc3o8S+58bt/aizu
False
\\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 956023409aa070cd3e754db375ec4c7c
SHA1: 0aad2bfd9c450a9255aa502d48e9fa23693da245
SHA256: 7551dd26c9f1eb6945873b7dec81885bda1395e9995a66eda339a2463766131d
SSDeep: 1536:FDER7YJvazBXEHOz8GpfRjNa0B75VHwAFlQxug/FoxBslp:t6YdWooHJNp75VHwwQyxs
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 14.11 KB MD5: f93e640fdd64a25015aebce650816d50
SHA1: 6088c4d4e8cefa96e05ba5f895d53110b6e6c328
SHA256: 9469a341314e4fe3737585e718bf2310c2cbb54706fbc3def3393dbc8daeb8a7
SSDeep: 384:6O/xzEpFBvx8Op+FDBk+dFO3m7k8+T2FjHbZ:d5ApFBvvwF9k+dFn7k8+sjF
False
\\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: e7a26c502d0492824af499d436bfe9ea
SHA1: 3a839214bbbf27516ced0e8f4ddfaac143247fad
SHA256: 5a0f3f2e8948cabf8c0e7bf017937fe6eb03051e1f45f9a4bf06f8eb4774928b
SSDeep: 1536:nL/3OibcH5puZ11Kssavx221GAHCOGoeAENn27KJzBsiJ6l:j/biLuZ1K+RtHrrEXLJJE
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 171.06 KB MD5: 18927f93f2a247fc310fbde41e1a4340
SHA1: cf73ca33c53aee7544150b56f4e78c62f1cf33b5
SHA256: 075b227db8ebd643fbd9ee126cb04eb8e0f098778ea75a94d86462efa71e3723
SSDeep: 3072:fzxkvDI5Z/vg3bx4jil9MPo8GHGcyngdie1iGyy5PXdlO+PvEKlQN76SOy:Fh/oN4WEPoPHGcfHyy5fqkQNGSV
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 85.16 KB MD5: 06550a608093d3c9ee0d99c671166599
SHA1: 541454eb777b4dea7e7f01a9ff85fe0322f50300
SHA256: 9b572a341229e73cc0d8b00a29374ad493f999e3f51cef1a31682020e4069905
SSDeep: 1536:qFnqqSJdvppdcGJAw+aDZc1C3UNKpUzuZz0cEio+yUCuhzOAnZbj:0nGJJPUw+aDZBUyi+o+RCuwAnZ/
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 963.47 KB MD5: 7420799fb959c4611bf18c0beb655d2d
SHA1: ee4129f7eb215148eb8b31a12a7f1c35b8bd0516
SHA256: b574a4bbd8ebdde6446dad1a67236f6ddec7196d82e390bd1cc3d26ab4032f58
SSDeep: 24576:qkCO2CWE9jEDMyiU3Y2Sz6Oal84y7gPYpxW+9qJ66vADF3:qk0CWE9jGMyijal87gPYpABkSADF3
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 76.53 KB MD5: 4e1b5c1b8f4bd1a9e444a16ec532de4b
SHA1: c9748fbad65c899d342451c6508b3d6320e6b60b
SHA256: 1e08d840fb02fcba4291b97e5b6f1758fc1396f4d592f4f267d07c00b0c6fe6a
SSDeep: 1536:SQ5ofuSTs230n0bKMdb7/Yijdi+gRjJH35Oftuj4apMQyaMsP:nGuSg3g97/74j359j4apkaMsP
False
\\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.36 KB MD5: a9ac10d7aaf7e43beee76d80ef457a40
SHA1: 601be8c632d393bd4f087e711a7977a9ef433f77
SHA256: 5df1dddcbc92a7e22951cf24ff2352bb897ea3aa87b35372b1388dfd1c121ad0
SSDeep: 1536:JoNiQpk1FG67vctOuwRuUgWB3p1IwmkIgwJjZR6/DX+:Jk3cveGH/BrIwmVgwhZRb
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.55 KB MD5: ce58b00653d6ddc2cff397af486a644a
SHA1: d3aedd3d60cf3d79c259e8666e45c4177f5ea086
SHA256: ebd4269c82cb853105c1157faf52aee85545c9a58a61691c54cfa4172b8d1740
SSDeep: 96:5h0Q6KsOQ8Ciz+Ixx1aGZ2WVji7lWSzp5t1fDGuE:5h09KsOSizzxnas2WVm7lWS1Nf9E
False
\\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: a94ec65d637a589d10dbb7343eb9b4ce
SHA1: b8ba07f2014115118b49a261382182059f5adfa2
SHA256: 05de09d8110cb7cae63c5dae6e69d126aaa0e197e396d70722eac0044426b0d9
SSDeep: 1536:5pHIXRhH4/Ax+YXTG5OfXnL9Zy1sL5Nmtkd42kwR:r0hHv4Ea5Of3pZmk5NFAu
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.49 KB MD5: 6408cb35ce330694e9218d69e97ce329
SHA1: 42f949df4d229e43511c27b797d72434374177c0
SHA256: acce7e82f31bac318c9feef2bad0b15b6f0478049b4f518d19518c8128e4bca1
SSDeep: 96:I7S7HGDvYnE5iAZYDHZfki5FH/hcXflGuE:I7S7GvYEoAS/XJQNhE
False
\\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: ef81b945744be4723ad57ca922b47824
SHA1: 2ae2686a9b793d01f78102e4a0bf1c2abd870c25
SHA256: 3d621eeb74e3c6a6acb72cc126941a2c29cee2747c5def07c38411b68abf24b5
SSDeep: 1536:xBPePbUCbwC274a/E7JXtzFgbgDPu7uZ1LwRQzlX:ravJQahFgbuPu7G+slX
False
\\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 5bf7d17da219816378d1ecc8b79a0b4b
SHA1: f473007d8aa91f1fbfbd29a144a7f6a091cf6ce2
SHA256: 47bfa4aa372d7fe5a1cda67f15d9044e27e54088a90d54940541e83e35127acf
SSDeep: 1536:TaNJLvcel+WnFPxrewE5glEhmax8HL2Slc5R7Foh8vVP6e2t1Aze5Ht3:TGltjNx6F5Dmm8rjYDohK56eknN3
False
\\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.35 KB MD5: 516d9a94176d3597cd46b6e567cc6032
SHA1: fd6bf343f0763b3a856c3eaa11af225663447ffe
SHA256: 701c9ad929a1fd969c7ad73ee9fb5c2631b9e706ac2488603f623581d2ded0dc
SSDeep: 1536:yl+fTx94peIqGbY7D1OC0vehaj9Dq0Dk+LY+n0PXT+BkiCgZv+PiP:ygfTLIdkP1OC0vSaxmOLY+nSXT+k5P6
False
\\?\C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.25 MB MD5: 41ecfe61a618442015103b2dac4b5ddf
SHA1: 924548276e024d2c9688c87e76508bd0aedc8e17
SHA256: 91d5ebe99ed6421d3b4a90a34c7f0b6ab08edfb73577e4933e6d8d7145d99116
SSDeep: 24576:XfuWMD+YwB+B/4+SRzjzq9SteoAe3Lk+xHDQpDGevm0A9B:PED+ZU+fjzAb4LLjWS9B
False
\\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 2f3efeee0c110685220dd15bf345beb3
SHA1: 557ca793e11e3b2879a3209e423b2ef5b971779f
SHA256: 6c29a66f585aa7f33cf48ba5b1d3d99b251fad8ef125ccdd368ba1713c94c7fd
SSDeep: 1536:DyLX4GOv4tzY2ygKsGr4cyXQhZv9SRSmB8dggaq+vF:Dyzpe2ybsGDyXQHvMS28Wz79
False
\\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.64 KB MD5: 748294d9bf644f4bb6cfc6dc95c71717
SHA1: 2498a552dbd3ee430bfadbdeda8a10588865f6a7
SHA256: 50c1410e582ffa8f6d9c60e095b1cba5612702d0979244002057607fe3406b57
SSDeep: 48:muE8bJF8KSrEzOExWUnNDrw0ZAHNNZ3uq8KN1Awlxx4UOmA7uP8SjDDpIOsKlE:787rEyExWuDrwhNeeXW7uP8SHW3uE
False
\\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.00 MB MD5: 35345ddc31ee042c57a050e311fdf01b
SHA1: f7d24a0c02a37ce2c28ab1981bbefbed9800bbd9
SHA256: 96ba566ecc5698342de54889a22a4e94674b5ea527e21087e3bfb7ffd9f80b1d
SSDeep: 24576:1jEJwDiZD4VNJ/ASCTzEB4hN6Dysy4ElzTeklE:+qDitU/CTzEBCkesy4GzJlE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.81 KB MD5: e66a1b47e412649ea8638a35551e26d9
SHA1: 3d7d73bdbca42f36781ab439e73191b193c0ed4a
SHA256: ed7489c37daaa58ff4306a5f916247ac492ce96402df609e70c99c10330ea3d0
SSDeep: 12:AmfVwKxu9+Vsye3DRbVMNZXNXS6x5Id88nEP2uRN2hGJGQpG7c8Y02K9mpgMxeD:9aKxuwVsye5mPdXPId3nKHhCc8+pzED
False
\\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 2e2ba454a62711adf9b47ac62facc7e5
SHA1: 3e062a219ff1b2c1ab4c69f5e349426b747a60bc
SHA256: db506f9d48af50d33152370ad35c46256e6bb2ba03ce2630cd2a19414573176e
SSDeep: 12:w2RbkZfGRXapntbLU3XHVRHt85VX9KucSV7c8Y02K9mpgMxe6/0E:6BGRKVtbg3XV38rNEShc8+pzE6/0E
False
\\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 79d007621a9b0d13ffc6d3ba582d20b4
SHA1: 65b3153f0b4892988538023ef801cbf899ee025b
SHA256: 59549dc7878f68f03d0a0089bad84fb06cc7ecfc51b634ede10fd7de5ccb10ca
SSDeep: 1536:+qsRo865VL9mbpRTrU7who6+4usv2q2aKFZGBd0STLdVt:Ye86X9SRTrQ4Esvk/Zcd0UL7t
False
\\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 7527469cabfc955fd69867321ca5f972
SHA1: 1500428a8cd36b95d38c7a8940ff097606cd6e16
SHA256: aa92bf6c5c012ff0c2596402e2274d7a3e2f93606476d31005760675fc43aef7
SSDeep: 1536:mNQ4J2+hq0kGk3oF6rE/vZfVIcYkTZFQdAZ3rS9MduO:mNX2+hq0fLQE/vZfVIfkTAUrx
False
\\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: ade02b78b660e48a3384eeba11925ea4
SHA1: ce1286b595eb7ee5e6fc4d51b8f75b0918db91f3
SHA256: a21b9df3c4e9df9a194b44b6fc9a7c4d892bda80e98e83655af77be1ca5ab775
SSDeep: 1536:hCqShPlpdTIOmqxuVzHY+K4zLhYiGfJo8S6beavnbpzPfuuSWu9Ncm:hC3tUKcC43hqyF6CAbpzPfu19z
False
\\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 55c157d0b0f1113e476935d448c5c188
SHA1: b1660b21ae5724e213f48c7a0e780c38f192cedf
SHA256: 4f2c29b99aa9207f28650ffc449e815f4553033a7e9887db54d62ca98e00c7d4
SSDeep: 1536:mZp4MuIhajwPd6bB4my547PkpOqPR8BS0BOoDSKdq7e:V5IhajwPeB4my5W3ASBS0YXe
False
\\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: ffac3c61aace46b6e0c2fa65ee75f0a1
SHA1: 9237bf254096e47e111906292e688f656a5da84d
SHA256: ea9e603985cf417a68de67eb255493ed68357a10f26ff02e3180f27795af7e9b
SSDeep: 12:x6i3tie7tvy84ryOMc3hGWvsbylF2kFtjdI7/V67c8Y02K9mpgMxe6/0E:xdM8WpM2LHDtxI7Ngc8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.52 KB MD5: 7eba675750f4549705931c898a9b0c7e
SHA1: d49f320fc3b28c8894da532c815002fdeab62fd9
SHA256: 082ef441cd80fa79640e3c38d0474d1e4283d4c0696f988a4ca89202f5f33f82
SSDeep: 48:c1PBY8vSuAYBtPAFoLxP6GlxXk00D055+uKlE:cBBYgS8tPUoB6GzkW5+uuE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.66 KB MD5: 9e38deceda8201bb8e16e1906bbf5a25
SHA1: 236b1ae8501da22c4aa07fb0435b81a45b727bf6
SHA256: 63d231e20297763d972bb8fd6e7d8512ba21c01372ed9e87774a05d4535fa233
SSDeep: 12:QWkmIqVJYUetd83iabvCj0ocxEMeU8OqfY/gl4Jc5US7c8Y02K9mpgMxeD:Pka0VIZbvFLhH8VYYUc5UYc8+pzED
False
\\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.35 KB MD5: b62a7401e702e727e1f171a2d088b87f
SHA1: af195f8eaaa880e1f60854ab7ee7db712c505004
SHA256: 9271f32fe0e4b8dae6699bd674e614e5a6e6dbb934db61dbc7583d7b815161d2
SSDeep: 1536:6f7HMlkVS5c4L/QeaP4tVYY3CNA8CNgnC6oY+4LMbgmQrU0H:6TMsetLsmVY4CNfmJYLLQ0H
False
\\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 99136e7e73c3739894efcb000f04d550
SHA1: f71e11cb6df223bce6a564c41ae2f6c49b86e015
SHA256: 84b482ac2a3b638ffde4f4f3f1c62e5794590ea1f9969a069e272fc2ba36e439
SSDeep: 1536:UBl9sPhOO8PSPrmtg6efraVUKvLR48NoRyYE9b:CK6PSPC2fOFLR48NIyYE9b
False
\\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 3.44 KB MD5: a4a59cf1126e90e90a43aac946c6fd54
SHA1: a458827f10b98a8b31ff4d0caaf6c3a1b29bdb9f
SHA256: 2761220530f4694b38e8f36ecf2ae4de09003f813a1cd3537589f85c4ab7d1ba
SSDeep: 96:UQDlcGFVvRcva4CN98BH9K3j6Ndn3vJvrmGEuE:dNVacisT6b/JvB/E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.49 KB MD5: f866bc12d125729dfd63c6736dd35045
SHA1: 5356cd53196356221547efe6a7ecbb524d0bb32c
SHA256: 79b126279ae69c5fd80e01a9275ddbd1007d3d2fc9149a2aa0164ed749be2781
SSDeep: 12:Mp6Jgf6rTqUq4ZRNetSaK73eG25611UTEibQ7c8Y02K9mpgMxeD:hRruUZkShj25iU4Qmc8+pzED
False
\\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.85 KB MD5: 3f77551ba405e5672b18e839d32fa380
SHA1: 01340991bdc02276fddb5c6fe99a422e89b7728a
SHA256: 40a97c259b3719e962856a016dc690a43652b362c6cf9f0ce21028003de4196a
SSDeep: 48:swu68UHpO82Yl+qrdpY0xhJku+t7bBtGKlE:szegvYgYd+0xhgBtGuE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 385d1faca3936645133dedc5c71bd5ed
SHA1: eedb636015b3df6ef16a69eb527569820af16ca2
SHA256: 858fb693a631b0746f32e917768e24008c54595ce5e7a5b157be1f5ae20928ec
SSDeep: 12:wGerZBxBhvdQ2mPX8SRW6B7HYxmtHS7c8Y02K9mpgMxe6/0E:/e3xBh1J4X8YtlYg2c8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 6ae45dc2ca36ad897c46d14f6d4296a8
SHA1: 9d412386242c34290c88b836220a0e69c75eaded
SHA256: b1f935693d6d6fd150927451ae34f37be932302c3c5271753465507c64d75194
SSDeep: 12:I85I0acTcgodDm3jbLsxd7c8Y02K9mpgMxe6/0E:v5I0ggCDqLipc8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.66 KB MD5: 5fa5de31ad4defa2eaff6f4386d6701d
SHA1: 04b34c4b65656a8cb89c0b4bb19b3b818789a8ff
SHA256: db0d41f81c711e40c34d14ff12cf108bd1fdef26e79104dfc73ce36e865b2e58
SSDeep: 12:kMeidJ7wbXjuW+axj4r9bwqsKuT4arQC/SFwe0ej1JQGU4yGUf0oTg7c8Y02K9mQ:ktMeTuW+alabfsKc4arZOwzPGUj5T2cc
False
\\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.66 KB MD5: 5289092fa80c4145ee50f25cc4dcb2a9
SHA1: 1d90676b50399fa69fbd00114b8131b1cd833a68
SHA256: afb2dc9aee07fb5025f7bf786c555311409fbd09f4d8e3ef76d7a903cd2c6863
SSDeep: 48:jpTwTNcn1e65kW8kO6/8iDSC2fk4msjOMpiKlE:j1rkWYdinR/sjOMpiuE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.49 KB MD5: ec6fa8e310a8668dd961278efaf8e9ae
SHA1: 5cc95580d1681f45ea026ea297480487eeabffd9
SHA256: 13ba7129121e916911ee3c5240069f8abaeeadaccf03b0f2965dfebca32d6361
SSDeep: 12:ssjKpIog7SU0vp5hL/8pH/e7S7c8Y02K9mpgMxeD:ssjjog7AFL/GyYc8+pzED
False
\\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: efd1cd1908cd4d8b72985ed896287e39
SHA1: a52b5a46f1ef29f1fbf9f5909e163c9b06aa8c58
SHA256: d604e90296f5b3b0cb380cc5aca8ac50d3358b5522f0d0c46e6098af57ec67fe
SSDeep: 1536:kE/Bt7vgFhsrKHvqr6ph4CLxQYGMtXu8+0xASdf3nf9oMRtzi:kE/BtkFh9Ey9gMFxASdn+/
False
\\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: a46cb588ae47bfc8c0b6c507e3f9e59e
SHA1: ab151845af6962e121062b0f2906c96405e6e2d4
SHA256: 32a3a47b81e30a2862e3d4ad4713df0380ced960bd668415a0d445a9c45cc2d4
SSDeep: 12:ESh4I+JXLyR1RNqAbbybGEV6NXMgileUT7c8Y02K9mpgMxe6/0E:EctALs1RNdmGY6ugbU/c8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 4.58 KB MD5: 8e23a9d9e3096b24cc6a25818d39b6ef
SHA1: 93a65880ee88528acd9ada5674ae6d8e00e09179
SHA256: cfb35cb0afab58d6d20ff7ed9d2efe8af69f25a034c94989302b41f2f6190749
SSDeep: 96:ND3OYAetisqZOGCWkFVErf/NidXI9rOk27SmnEXv+IW3zOuE:YYBYFOGCWkFKf/YiwNSmn0K3FE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.83 KB MD5: 4e1b51ea1a97ddd1009fe81edfb514a8
SHA1: 857bea26cf649753dc465dc9202a4e405cca5c1f
SHA256: 2a91dc382ddf051752b009b7bce296da7a93d70143e319c44ac372a41df437d6
SSDeep: 24:B39kTg9LZq7qMTbFNBWor1XxyOuBvMVnpKz6Yc8+pzED:B3+WIekpNlr4yFKD
False
\\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 395b3ba7ff7d4db56a8a82b47ae1d069
SHA1: 586f6e22f76e696d99c2c3feda966a96a94610b1
SHA256: a6632cb76ba99a62038a386345614799acef07d12dd1d4a59f0deb599698a493
SSDeep: 1536:xbkE/374rTQqYLK359Ng+sjyc6A0onGDLPQg/LyytRTF8:iW74rTdceNiD0onGDkgWc9W
False
\\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 8a4fab0a1cc332f88767c28f4c172334
SHA1: 5ab424113fb07fc0358266d64b5ea34233ceb4ca
SHA256: 3746401c99c49100df75a2cb3ce1a05d523ca68c3377aed28f02d2cf7d0eb526
SSDeep: 1536:sQSS9/byQayLfCdymdpvweJGWkQ2CclX/b+WnqGlFgDH4CF27IliE/q:P//2QaGfEymdpvweIZQ2CGPpqGoEDUlq
False
\\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 9a56be40087a7d9ceff1867341cec8dd
SHA1: 8de5e0695e4984423c2a65812efe3803526ec1f0
SHA256: ceecd18b2512187af7d0eff32d03c39cdb86db89895307ccada22e0a4ad891f2
SSDeep: 1536:pRkflhEJqbLEfJLqIBmyyW6mZETIQtmCdUaYpTnHTOgL2UdOEAKV0i:pRrJq2JxBmHmZEU+rUpJ9DOELV
False
\\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 5.22 KB MD5: 6d71e1cb68d83bef80c72fc4ecab44f7
SHA1: ae338fe3dbad50e0f38a2631d4dbd666c97a63a5
SHA256: 23d5761e9d1b0ee611376cd9ac313b4a3379ae84541b9cb931a923a295bc646d
SSDeep: 96:YamW9K5nRIm8WsRujelqyeepNOdxNLybKXWg1dy3nHqn9uE:9R9KcDBlqyNpNOzNLxX7dy3nHqnME
False
\\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.80 KB MD5: dcc2912e47d284ae73199d551b059b10
SHA1: 5122884fd7a65a2598baac005a4bbe85646d8722
SHA256: 222c7fd1392862f78e8411aa39887cf68e14e7399bbb1b3927123238c7c8e493
SSDeep: 24:+TJPoGBiAnz1tEiOFaWmqfzgtcatOYgYc8+pzED:+TTL0TXCOYcKD
False
\\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.00 MB MD5: deb087a494193f3ea29eb07cf39b5375
SHA1: 207616c15d4e132230848ada2d9dc58b56364614
SHA256: 9e683a74a617923d49f881d075b2ab44c507bd34217fb1b09cd8e4a1758c5797
SSDeep: 24576:Lvu58YoJCT8G51duR2WeHPAOfVljZf+GKB6cc/5Lz:LW3oJvNevA6/pO6cILz
False
\\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 9f0282e093499f5f903440dbcad2e08e
SHA1: ee0fb3f910210622b44509231d4e9a6d4c2c367d
SHA256: eebbfc81c1dabd765a2bc4dcbf1f6979454253f9fe64d93e064ab856203c97cd
SSDeep: 1536:LAvJ1ZiQp1f1AN1LC6XDWAYJephceP8IvOOqzOlIr7s7itMeAmNg0:LAR1ZiuNnEYJKhceUFhH9HA+g0
False
\\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 8711a18314a561b4cd9c5c59ad7551ae
SHA1: 06719ddaeb43ab898863c151751d2f8b7e49ea61
SHA256: 9d58f0c51c68e4a774c79b9dfedefc20ebd6d66178906a03f2b789e75ab8849a
SSDeep: 12:9DgRFTQM41pHDNRBRsGoo3I7c8Y02K9mpgMxe6/0E:9oQ5LBRkGoJc8+pzE6/0E
False
\\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 1e89d36f3a12cd5061958b1c1a5b59a6
SHA1: 2cdd8b8795b9efb93279b3f30981b1cfd70b5026
SHA256: d9c394b37e6ea956a5b952b737319df28f3fa676b1a370d31d8d6bfecc6cf02c
SSDeep: 1536:xIYbVj15P+9pMDBx9LmAkXuDvBlDtxOzpsQK/9/6yaqvy5:xIeL+9eDb9pwM5ttxOzxgySW
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.08 KB MD5: fc267a0a76e14e0ff8635186f509c051
SHA1: 4d87f6e748344911ba99dd0e13f6f8a69fff648e
SHA256: 3b411874a0fb6fdca3b5a9af3f180b999fd91b3dcccbdea2ec2ec907395abd76
SSDeep: 24:uFWxIEX7y58GmQaLTCcMW4UOkEELf3NDgm6wbhYc8+pzE6/0E:3IE+53mQaS1U5pRg8FKlE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.50 KB MD5: 6a8c3d0af666cbcc0ccdff05ab420b5b
SHA1: f0b0e8a159c7438add55a5a7b43ba0c3bf18e828
SHA256: 43c3bae5d50a0892fa685e69305357491e49f9a2a044ab4525353d7132052a73
SSDeep: 12:nNof+Q8M0CfxVOKtCvSO+JkpiJMu5sT7c8Y02K9mpgMxeD:g+Qt4+CvSpJuin5Ic8+pzED
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.14 KB MD5: 5f47bbd397f6c1c1c0ddd1df651120d3
SHA1: bec0474d876352f121952df25cf02ec35a0a3d87
SHA256: dbfd970ad07559cacf411bd03ef77635eb5a7ff174b85e093b158d4dbb62e0d2
SSDeep: 24:5iNxDNrW9LEGZcTD5KqdvrX9Sj32R0m3JfsaaJP/5B6S4xI4fYc8+pzE6/0E:M6FiTD5lzX9S72R0m3JmPeSYFKlE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 0d125bf2b3aee308e0e2c3731a902569
SHA1: 8bead1009f5080690ee3c9490d0537c055f3b01d
SHA256: a06bb92d012135569f1b0649d3c59604d76279e5296e21151d48de3287443208
SSDeep: 12:jut1BmJg1/sI+hZ1+VcR72L8cmfAOeHBq7c8Y02K9mpgMxe6/0E:jKT1k8cRi0A1hQc8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.50 KB MD5: c3b75eafe5a2c0b5fb38cead9f8c488d
SHA1: de3034f15cab95b05be32ad0a0b4eac1a51938a2
SHA256: 00c08bd2f351150ef489a150efccb63a8ccac064b6729ebf27d12bd6fdf4f3b5
SSDeep: 12:kiGw4RZZHBQBLJsAftp/oZtVdTu7c8Y02K9mpgMxeD:VGw4VBwsst9oZtQc8+pzED
False
\\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 07c58e1829a1f87717a1466e26a9a223
SHA1: 41bdab30ceeb6629ac8f0ca1087e87912b0323b2
SHA256: 470b23d37adc2eb353634fec8fef6ad4a656d64b50bb78b275ce48fbd6f0dd30
SSDeep: 1536:7sPF9HeperxahrhN5r1dGqdlWtcIRl/+2PBVxRf36cBsbLeWQLl0Rf+pkJN:7sPfQH5D3TW6IRlmQVnKwsbLZEl29JN
False
\\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.46 KB MD5: 3ea53ab7b59310980c3b1913073b5bae
SHA1: eb64188fef7e349279eef5da02af27f4d5685d3b
SHA256: 8563d29b917c920eec08d49c70326367da89c99cd1ad95f23043d147c341c051
SSDeep: 48:GHG5KgopYl3vuoVIlea+ZXXUnmtB/tZZ8FWWSGxKlE:t5KgoO3vukha+BZ5gSGxuE
False
\\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: a8e3df7a3c0fa142f2ae1239f653ca36
SHA1: da93fb17abea0b1f7e4cb87b3697f7e094cfffd5
SHA256: 3d14625cc5659b5c9d0358afee19a56aa363ce67d0b285676a8c2fbf7b7a81c5
SSDeep: 1536:g5cXTYIPRh/oHi3Wg9mrQvio/9fH9gFp4x93ej4DobYR30:g5UTt3/fjg0z/9/9gFq4j43Rk
False
\\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 91d074763cc08de596c4328457921502
SHA1: e89d6d41e7c74c290f704db31c6517dd8bb5b1a6
SHA256: be6ec0fbae179a1dbd323ed7267be54576708cee4e8cef0a8eca4fe65ef42cf8
SSDeep: 1536:pL+cUczOyS1lKPuINxJB0TpRJpz8kcoLAUgQZ32cI3piVAjvxqc1IM:5zzO5lKPbEJpz8kcDQ8ceEWAi
False
\\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.69 KB MD5: 7721ae0c23907686c4d16db693baa95a
SHA1: 2ba041433ab16c3962a1ced3f809cdae3b71f97c
SHA256: 173a0f5e674be980c37bd9ba26db1fc36368addf000a133ee31c980dfb43e12f
SSDeep: 12:KqVm4RyvuSWaEgiweKDreigVmEYNRxsA760j5hErmKzj4g7c8Y02K9mpgMxeD:KUauha7eKvei2YNXsAeMfErmKI2c8+pm
False
\\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 7.46 KB MD5: a159d64d5849394933406c7cc016e6aa
SHA1: 494577dec4e319354d185ef0f9d75c9db94c17ad
SHA256: 9264f5d27c97cff58461c067dbb472be6dc1a8319d3fdaaee47b28a893a5d7d5
SSDeep: 192:rEbjjXtHDRdfR3YoSXr3Apvv5y0S7cgT4BE:A7XFrJSXDApHBWV
False
\\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 29fa431a01396fdeacc4bac1a28267f4
SHA1: 5207725953176a426da4db80c61e72dc11f6e0d4
SHA256: a58daa5ff45162e116a328b5f04217bb996b54c402a66ea9e2031b4cc21141fe
SSDeep: 12:E5UGGXTPAaxl8zA73qGC/enQJ7LbVrxGkLkg7c8Y02K9mpgMxe6/0E:z5XDrl37aF/aQnrTw2c8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.69 KB MD5: 2b21bd350fb3e2506dcdb9e9384b2d30
SHA1: 73daf2f8e0d482eec32b32785f76038300972a22
SHA256: df15acc817c3579a2d43ab84385723790d8aa73b5cb204d01c99ef419b1a5593
SSDeep: 12:NiCE3yBAkiOn6vfyCKFdkQjP1mgQptmC+Nc6Wps68gqIwr/5d7c8Y02K9mpgMxeD:NiH3QAQA6CKFdk8CptmrN3WpsHIwrDcc
False
\\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: a5945e57ce4c537afa92519acf31eabb
SHA1: a05211846b3ca8d3f4031a6448fe7bee5028d216
SHA256: 3e43445d7128829b04da2d3f31c0fd4147ff69212c720421b1b6b15f09cabcba
SSDeep: 12:ztE2H6+VWc9wSjEJiEj5RlS6w7c8Y02K9mpgMxe6/0E:zq2a+VTiJiEj5lGc8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.35 KB MD5: 271dadd01593469e961918dfe3cb07ca
SHA1: 3059642de613f7ec3a8c10c18a1d3c6ebbe5a7e7
SHA256: 4bd65c80bf8cfe54faf86c3fceb7e99184c827809b1614f1125886500358ea4c
SSDeep: 48:3Rf7yv2Fr+ue3WaWBEK4vuddB0w5AwcVlolobbtXRGS98YodQF0bvKlE:3R+vgrg3Sdprc7aKtJx6buE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.49 KB MD5: 1c1b0c4c13ea9899de87f9d09c859f58
SHA1: 5f7e856b0cf8659b095c6f1c7e96c53390d8b6c2
SHA256: 3e6fcd7a2e55e8ea2466cb0a9bd4c7ffa7631db8261eb62c5782eeaea0430e0a
SSDeep: 12:yjPYWV5VK27PbMXaR81Ax+7c8Y02K9mpgMxeD:ypV5bbMXsBxcc8+pzED
False
\\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 4e6369538a909160529431b4b5d65da3
SHA1: 33f4b6bca5efa84bc3473e6471379422d9a97b44
SHA256: d4bcc83acc7057f7f1efc68f3ca63c3cb980d93ef2da385e0d153485970002d4
SSDeep: 12:VIUBgm0iRKJauKsHJ0ZT1Z4amz+lo/bFEtnS7c8Y02K9mpgMxe6/0E:VDWiEJaTSuesozFynYc8+pzE6/0E
False
\\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 54567e3abf8de59bb29dce70c6ef31f8
SHA1: c9cc9a46260f9227335fd89cc198a14bf1d2a62c
SHA256: adb972f6dde4506f2c0602e6df16692daaf118bf5ea172c7f780289c86f8a903
SSDeep: 1536:2aLy/7D/0bM88hMEPaSeEPwaS1xoH1v97A2zX02Q/niERu:Af/09EPpMlDoHrk2z02Q/nlM
False
\\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 56b595e0d5062b1578a7bf5621bd2390
SHA1: aa9f5844c5f0d0e44d948e5fc7745bc1b5552244
SHA256: e4d79656d9f5d017f8b072360124aa4c4f468fa491a987c4f3be29657d3f8c51
SSDeep: 1536:urlhzj5PnPNgtwJULUF06TKlqYt6Q6rO/flaCrUf0l:uhd5PNcwJfTKV6XKICq6
False
\\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.30 KB MD5: 29f71d12939dac086890b9d04cde2e47
SHA1: 5c6fcc16975f25858ca1aabbee494d3b00630468
SHA256: e6b4e2ba13b3694bf05c7e1bf8b56e40348c1498c4b5884197fcea662be432c5
SSDeep: 1536:u63Cz/wGPpukVVR8D6sxgzKpYx8CAqFBEI0JqyzKoHkdzL1ZoZpBRZTND:u6yLwG9VRSszKpM8CVF6IQvKoEJApBt
False
\\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.30 KB MD5: ce4819f8383194f59b63ea1365cd5348
SHA1: 56959db6900551f32626df524e840636a3ba3d24
SHA256: b75723c0cd84f404dcb29dae43562eebcca79aac46dc9541fdcc108dcee7557c
SSDeep: 1536:1gKzhg9m1THGdwexP897zfsPymAXEbq3gbG8I4cr3x/7mkzE/Pi4d:1pFg96TmZP89vspbbGHrh/bE/Pi4d
False
\\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 749215344bd1dd2dd70a290ae2c0aa4d
SHA1: 6b8c685ea74735ff269f86da2acaa16c314b7014
SHA256: 31308dc5e63696badb13c52aa055076537fb7be7173fcf94da865e864522eac4
SSDeep: 1536:3OhKh9Mu0z9kiQdJNppz2faE0XclhgBMEZwmHf7437hSFL:yKnO9kBzvE0shg4awdSFL
False
\\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.44 KB MD5: e5ae23c1d883c6f1cb95906a07d83873
SHA1: 384c7dcf6430a2ee3f35bfa44744618f150da88b
SHA256: 8ddeed104216c2883c6dbe51a71be41ae4dabeb6edc31d3f6494e8e7278df9ba
SSDeep: 48:CNFy6rSW9byrTGG2BJNOmbsH8LgW4E5eHOkJ0mHwBpzdWQ40TilddKlE:r639bwqOEsH8sWIHvCpEQ4RduE
False
\\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: f6d86f7765cbf95772a3b25eeb60ed06
SHA1: 15ad92cb35c1d5a063458fe5afe6ec50bb22f4be
SHA256: dfac4d6ba54841d487e0fde3c4f17f3542ce05013c7a1e4acb1b6426d3ad3b35
SSDeep: 1536:8mZSjQQXvX1LmnsoCgp5egmahds8eC7R2uAKZcezFpJ/q88+XZK:CDvX1LmsoC+Pmah68eCYueeppJyBWK
False
\\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.69 KB MD5: 42290f598025dbe196d533c90826d27f
SHA1: 8a06d0f5a15f981cfc146cad0fbd3825bd2c51ec
SHA256: e5522f93e7433d74c664a43b56d4f9134402c3f73ab09b89270868cacafef726
SSDeep: 12:9E89awb7qveBGElIj3/JHxVoKexyMSYTskeJmgimJpXqe7c8Y02K9mpgMxeD:9b/JBGyIzJxVoK5Mx4MgimrX5c8+pzED
False
\\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 5cd0ce6f3b978a2907f43f3140c2fe28
SHA1: 1f30a64d8d5773bc0482439f5e6756672c27ff04
SHA256: df3a0ad1ac24932f274669a139da8ec47a1670d3a548c7eb8494b06d18e1730d
SSDeep: 1536:AipXSp+aZSnTjA9bqLfPX+dBIxRp6RbyAKZpEr0ZlMAr:AipXU+aZSnTUbYf2dixgyAKZpEPAr
False
\\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.30 KB MD5: ca08b5e8e4d699ca6b7c6385b01453d1
SHA1: 4b87f77a13bea1f2e2342a5dca8f01a0709e78d0
SHA256: 477ffe2bee93ef749f76cee264470bff09e07efa320901c8eb9c64e7875f431a
SSDeep: 1536:qxWXo5DmpJMS6/nVAvXl6yQ2NsWJaOsM4AUQMebw/FnL4sFIyFJQvja6EpJAr6W2:FXXJMS6tMl6yQrXsMXNnciIyFMNyWR2z
False
\\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 7e38340e96b36079f9432f5b291876ad
SHA1: 8eac82c45b77684821bd5d9f145dbce560678b72
SHA256: aa0902ededa6d4274f40691fdbec97d8f1ce5683f219db90214554b416e4ac5e
SSDeep: 12:NUPOYQ48VN0Jvp61k18xJYZQdehs12dbzobE5pFm7c8Y02K9mpgMxe6/0E:NUPOY4VN0Jvpe68wuES4fob0kc8+pzEy
False
\\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: bc4258e6b2946ede2bec2fbd752a1ad8
SHA1: 0a6b1d4d6c38f22abc878f82e12e2e78c81d95bb
SHA256: 135d3f3c7b6b3de7addbae1e296b797ee70c597d612ebb7fbbbd29f293057c65
SSDeep: 1536:zVxQJ4wOggFnwvOtjMiRWiuL8wkRS+TPUfcYsoxiWO5XC3lJsLk8dvjWmrmHIVav:zY43gwVHpuKJTPUfcYgWO5td4J
False
\\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.36 KB MD5: ac9a440b8eb12a5ffe5448beae6a50f0
SHA1: 20015efdb994eb60aca89df66c1f53ed2cce91e3
SHA256: e86181b531c511fe1c5762152403b53dba06def56d5f78c5b7937bc0b512ddf9
SSDeep: 1536:oBbyUBe0kp9Qws4AcYsLI9ucqQLB/PZ0TFJHmbCnBMVeXYqXAaq1GKPO:OyPSwstUguc3T0ubObXYqXAaypPO
False
\\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 39a1225e9663f0258a28bec668e9014b
SHA1: 717109caf3dece4b5a6b6055ceae930ac0e882a3
SHA256: b9b5bb54ba8cb07c0a5eed605b9b75b8c4a745fa2989bc046e1c137b208eb99e
SSDeep: 12:31XC9HKfRJaPppoZWb+6EdxNFoTNo6PGdY7c8Y02K9mpgMxe6/0E:lXCYZEpZq6EdxNF4+dOc8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.78 KB MD5: 8869b277ab6abe9cac5a617a60708008
SHA1: ef0be8ab8d475191c84b9c45d79d582bac2444e0
SHA256: fca4cea0db85547f5af513861f85d22501a4ae0e3b291534f444ffe92d4bf548
SSDeep: 24:JZQaJSmi1oSPmw8fozrckXKWZoOjUzc8+pzED:JZQaJSmi1FP6wzrIioe1KD
False
\\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.88 KB MD5: 9548e87375aa2f699b47b0ee1797f65b
SHA1: 80ed694f9cbe4c0fe717a11de017c377b629984b
SHA256: f5f6952139ec223ba66776c906a9ffffe7054bf6747d71d3f86a24a3993a0295
SSDeep: 48:rtUg6F0ay/gZV6BoZ3T+HY7fnU2sCZINKlE:d6FKnWUHAc2JqNuE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 622.85 KB MD5: 0174fccd3487f747e9342dd311ec95f5
SHA1: a7de2720318dc81d807693c2a6a756a0e53d3fcb
SHA256: 28b20cdf71bb64b06a1288a5183e8d752b3d426e253c0588b4dc0f7b65b0444e
SSDeep: 12288:ilfV8cn2bLf9LxLQo+tIEk2w6XOmcBT1nVtzgO4AtANi5oN:sV8cn2Hfxl3gw6X1CVtUO5ANZ
False
\\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 2c74656eccdceae4331e8d15cf9c0370
SHA1: defe940623d8f0a345c47d7c2a7070537fa79cc7
SHA256: aeba65aa5106b434f1a2500325718b2232aab4b4ebec95aafdb0cefa41b7e22a
SSDeep: 12:MLyyNwj5Rb8gxDPVKY1XOAbGCDFA67c8Y02K9mpgMxe6/0E:Mh0NKu+6Tc8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.06 KB MD5: 56fee0163ae909660e040e5c81929082
SHA1: 3cb3bd9c75e7f92187f3dab416b1bc0815f33844
SHA256: 92d1a83e5a42c9c3954f742cd5f9a010ab70e255c44e916ce8bba0dc8744bedb
SSDeep: 48:sc1i5T4l3hPDX+ATaIHgGYGx1sRDnNI7S9pU1ucQzidRYZQWCHeKlE:m5Q3hPTFabGJs1NInuDbYeuE
False
\\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 2a95d2fae445216f0fe6a8bbdfa6a13e
SHA1: 4c15df2b9bea9fb25d8b400a1a19ebcb72c827c2
SHA256: e5532353744b152472e1fd9313cad042c7172cd16a01ace60399f64830b7dc44
SSDeep: 12:3s3BmTDmFnSHjkuv2g9tAXK7c8Y02K9mpgMxe6/0E:wmTnjkSSwc8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.69 KB MD5: 586b8753c82b8250aa724823cb6ad52a
SHA1: be759182202a9f7e310ddda8eeb3331723154653
SHA256: 4c3ed6d81bfce34bb6891d65df689b6c172d07af35b6dbcb872dd96ddb174304
SSDeep: 12:OSwq59/BYPsdTcuW1KuSEowGnpQWuOYq/7c8Y02K9mpgMxeD:F59CsdTcuW13lowGOlOYac8+pzED
False
\\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.42 KB MD5: 933d7e39ebb36bd2aaba8dac0712caaa
SHA1: 6b36fb76ba67018df16bd9fa3630729c9a578031
SHA256: d277d09f60035e356201d81a6f4cae6bfc42d83231dd83efb06e201d56b2adbf
SSDeep: 48:io83Qumy+b9/7HjMzrbY8OFhNRFs3vhBpyGb8bfxCcCNPN/4eN27i2SXjzWrKhl5:wPmy+blHgzrE8OF/Mh3y5bfxCcM1zN2K
False
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 159faf826c9d2870d2968c34ebb9ec65
SHA1: 962d6d3d403191104f3b70b5f37b0669ffbc0d44
SHA256: 14613ab09219559294b6506e627ec9e8075b41742371ae4e489b4bad77efdce6
SSDeep: 1536:rM80noNvxHDsrV5VDfWizSDqfsSFUt4FbtHZN9twf62+d:wCxjsrVLDWHqmqtHZNfwSDd
False
\\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 304.02 KB MD5: 272876a478223b53a1ad763b27d4e08a
SHA1: 61587ceab323e0e500dc55a685968afecb98e3cf
SHA256: 6457a2c439582aedc45f761cbd3a8a79b83dc22e6ee30fb11d575a079897abe5
SSDeep: 6144:zYd+lUfmkoKi8E15n4Vp5TnVB2LpKd+3YoSqVPJd/u0zn1noMmiyCllg:M0lKi8ELIVBqKhoSgtZno/HK6
False
\\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 5a2754662f3ebc11ec7b46b5fb97dfae
SHA1: 7dbbd64661b50b1065112d217ee4cff531cb412f
SHA256: bf4324add43ecb2b9483a17c70838ee7a30ba2c520b398f498b1945bc691b5a2
SSDeep: 12:JItwvSoiRqWY7Qb+RcXE5zzDsnZ6lg4Dzny9F7c8Y02K9mpgMxe6/0E:swvVKq8b+ReE5voZUg4DzqRc8+pzE6/v
False
\\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.49 KB MD5: dafc3492aced6eb106982e747b67874f
SHA1: 15f259c3266e7cb717bf034f00ee68cbb7d807cd
SHA256: eefd852390152281a14e39b2fd6f55291a1b5fe3472f989ebea7008ce95cbb01
SSDeep: 12:4lcK1tDPzrfDKhBynpXqkY67e+FQZWtkA7c8Y02K9mpgMxeD:Sn1JwE5qkY6K+YykWc8+pzED
False
\\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.52 KB MD5: 57a54fc2870102b7fad4f54b8346fc38
SHA1: e4e28e57a013a01d5615f58f0346b739520fb2f7
SHA256: 55dfb52231ea7dcc1f749bf9c3b1350f0fe2af47fc654feb8e3020573d5afecd
SSDeep: 12:xjlo46qnDseoIN5a6K3bNRnJGbRUHHl57c8Y02K9mpgMxe6/0E:xJoMdoR/3btcUHHlNc8+pzE6/0E
False
\\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 24.88 KB MD5: aa1d494ae8abc56f6e03f86741f80074
SHA1: 2fa74221612c64829532e340d93b77e5d22323c7
SHA256: 4cbf8afc12aaa9dff86c434cc5abb0084a4f861690b9c17bfc4735cd16dfceae
SSDeep: 768:4yKZ4CVP0O9GxP75XY+7ta7MY5MQq2hWUK72n7F:0ZTP7o5XY+7tQMrQq+dPR
False
\\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.56 KB MD5: 2a5365fbddd845208e8e15532f29d98a
SHA1: 297e7b6a8fb227ffbf9284473d03c224a2c9a1b8
SHA256: 603d287eda6fe962b164551171769bcc84129f93622ed80d4b0cb2083ade6137
SSDeep: 48:SIDGQdh1aWx8uZUpjAJkRuz81pX4Nfypk0zkYr/dL7x5CgtqvdlWtKUiRCZLzDKD:SyduWx8SkRn1VtzkuLfV+dl1xWXDQ
False
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 74884de1f67a026588e55a6647534f5b
SHA1: 5c66dc4784edcee330b06d529bb152de77e8db4e
SHA256: bdca490596d99b7dbaaa3da9f1c168bfd4edca42d4fdaab6adf6b1af872ff617
SSDeep: 1536:E7y6LdIMW7bDhZIelH7XBlplMhR+Db1iWeArHta6hbLFBMM:E7yqIMuHfIeXBlpMd4NaYXMM
False
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: bff5e3c93b02fde1e9a950ba79d982c5
SHA1: 72d11b49faa94793266371e052b562d106932d2e
SHA256: fd0009a741da1ab76167f1c20f2899ffbfe9251a69e83dbb5791d68762d9ae81
SSDeep: 1536:GxNFsZIsCAjXwZGx3eFmjmLKXhNW9rDK0oVJEJYgFKrFOV:aa6saGFROZ9rRTYeKhOV
False
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 8be9a39bf51af931ad862ce8caca57a4
SHA1: df7e9f52bf0bada7e797f2fa76f237e48561a936
SHA256: 63843d4faf701f72d85f71a8b250e0e037f4f14ce1c0dd692ae89061eb52671b
SSDeep: 1536:P2FQmy4PeUS8FKqhPiSt0ds2yGvGBZNMpE07orXSVW7Axk4xTDGQgr42E:Pzf4PeZkBik0W2yyQNLGorXSV+Ax59pP
False
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.00 MB MD5: 4c59350ac4b21993d015c3c523f26e54
SHA1: 35b52acb5c9528ab067fb837f6f3bf5797e5133c
SHA256: bc2a0aba644dc6caa7de6e634dac46597f424ea84b09f68df16ce439f79fdbe9
SSDeep: 24576:uS7DCIRjivDs6SevwD0rlkYn2uqr1YPRIKeYY5ujuwvja:lZ6Y6SFi2uqr1U45un+
False
\\?\C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 5.64 KB MD5: bf88efbb94a165b13e02a2fe4317c7fa
SHA1: 84ccc45cb0019e18a2e0f5c2211e83f66b66ddd2
SHA256: bacdf40218225e935f12481f003433df19da6070a3ede2be061558fa0082b552
SSDeep: 96:l8pytzSF7ZOdtcM9WnAnorPq/ZrHyXRi6Z4ay2imNc/WcW72ReE:te96tcM9WnZjoHyXRNGRy/jxE
False
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: dab71507a67ab4e1f903ae9d2a197260
SHA1: d20efd9a8c0a5ecf330c1671536b6b847f0aaf81
SHA256: 65adf5aec5d2b8a773f0554e0ef0eff73cfe4d6d10fa2ccc2b0f233cbdc35533
SSDeep: 1536:2ypa4Z+7QddR8hAtQZe3POAtap5l+aQvL3KT9PnsVfs:fg7EdR5OZePOdvcL3KT9Pnsxs
False
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.30 KB MD5: cee72bf3312fbd14e653723f4c7b299c
SHA1: 404fa92099b75b6dee2d7693744e57aa8791cd34
SHA256: 64003eaa71cfaefd0d5647ef51d81871f8396998e14fd981e42e2eb5eff68d7d
SSDeep: 1536:fHRNflKZOQFfrqeWKn6SnQzs/uCozuOzb79DLHwsE+7AaAyhvVtWJ4QilB4:f3flKZOQ5pvvnQzs2CqlwZ4ADyBfWJ4q
False
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 28e92b072125d30a08c5e278b9a07105
SHA1: eb7d80339c536fa996c36b8063aa348479166f1b
SHA256: b36372fe824f214262df1840f56d1134892c0d618985ddd9c925487893f3d2c4
SSDeep: 1536:pLD7FgzWTu8yrHbbom4OT3aZcIAKu2NfY3vg0KYQ:N7Kiq662buEn
False
\\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: b9043fe9cd9b096b303c173c3d3ff6a1
SHA1: 988c9af795aa0af80164266170dcbea7c8bcfa58
SHA256: ee29d47630574c373a72e4744124a814edb3b92bcb41a56363e2cc7af02fce15
SSDeep: 1536:qW+9gCLMeYPo5vSsCuXM8Tl1/x0R2sWswEqAxlaWPC5Wb+B3xr18E4:qmu86LCCMcl1Z0R/WsAYj6BBGE4
False
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 13eff6938bef7b7a81f5620a64681bfb
SHA1: 072805c182759c3759441b3796f89fd36b7c7ed3
SHA256: 9bad330c21de7dbf2ba16d6497c8cbac2eb8f7a1e77e88441d1bf6bb2d970053
SSDeep: 1536:8DoVUD54MbEk+q0mQRM93eLlRTLv2F6UpL0C7D1HiE9VttiIUA:8UVi5Ik+qMK93eLcPLb7oQVW/A
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix 588.30 KB MD5: af64b2c59ddc46e02469c49064e56d8c
SHA1: 20129b98200a84baa238df0e3020e3776ae39367
SHA256: 821e4b0e0ecc62b4ea6d6573e3c5b01d0178a149a53ce0031c78e49d6eebe0a4
SSDeep: 12288:PJDMZAJGPmj4MfY857Atzr67+HRLqqrpW:BDMA14N8utRXlW
False
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 406b242ff0f5fc6952025d62b537e705
SHA1: c46047eecb9a91ae5adb8349bb591e7ffc3a8083
SHA256: 1ab0b4add939afd22f73347d75e8a78ef99e9ed339b66ffca57c17f503232cf7
SSDeep: 1536:lcX+2EEbFiwnHtdc10kdXpJ75jJz0W5gRlXe6o+7GeEYu:lcX+3ERhHtdcpx9JBgRlHHsv
False
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.36 KB MD5: adbf4f91daa3ef331150fa33b64c7137
SHA1: e85e550b9016784d2d1d3b67849dcf6b3631b5e5
SHA256: 03938515355b359c8fa515b4a98ebd6c99865d0c70278708894af24efe495bc4
SSDeep: 1536:8iesFFFKod2b4s6EV3uuv7vbaLjZn7T7mK65oSQh5Y16/cRRNerZztrs:8aFKoEbV64Rvv0hmKB5Yc/yNmZztw
False
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.38 KB MD5: c1b5d21fa2c350b08a65b496d39fb0c9
SHA1: 61a57c221c22d42a914ace48246070550e8ff7b4
SHA256: a548a37f828eb4e6f1955dacd1ac4efd991e69e6b6727487655523e3ea894eb2
SSDeep: 1536:9FBtNSH4h9k1V3WP/ozpxLoCWjjkbW0PMZKDUXi7lfx1+fCmQb:AwJP8xnWjjIW000DUXQb
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\Default User.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix 588.47 KB MD5: 81100aabf0eaf464727034d457700780
SHA1: 7e177f0963fdc56fa7af89f4fbc86c560ab5859e
SHA256: de14298fee76d852d36945f410fbe5ce8579706d142035bf674e5691c7bcea7c
SSDeep: 12288:5YpmngGoDRKkl51XkQnBdlFi7sXhP++Jz5z9GpQ4PxjhhiC8uJX:5Ypmg1DsCRkQFFz5z9GKYxjXiC8uR
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png.id[B4197730-0001].[absonkaine@aol.com].phoenix 2.60 KB MD5: 8662dd7ac27e1915012ccc42b12b7f2b
SHA1: c18b3c8ecb436b64337379e6822bef5e4baf3f6a
SHA256: 493621d6ab4f3b6287f907bf5c12b933f24824999951ede2622f85cfbaf81206
SSDeep: 48:VNy4hpoMAYO8zHUcIpu6LGJnsIGDiZASjU+Zv2YAqp5Y93IOMKD:VI49AYJzHEzCdsSz5NXTY6FQ
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\user-32.png.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.64 KB MD5: 44234c3ca046fcd13fb5316e064f5ca3
SHA1: 955bd45df9048fdf5d9717a544780f0e9805b88f
SHA256: 52915bbaed3dabecab6dc9fecad4b481798b479a3378f0efa282af2f0c4357c0
SSDeep: 12:9qCF7rzinR6nMR4wZmBPT0FwYaNu17qFtNsJrvdRT7c8Y02K9mpgMxeD:9dF7inAnM2w81T0FwfNEkQJTr/c8+pzi
False
\\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 5d80e00f4167877592edf5b7ae171e68
SHA1: 2ff104c1ec331d0a69b8abe27eed293559e8e2ac
SHA256: 1af6788877032288d530e9e36a3790b49cf73379e2da19b432f4405a76b1db0f
SSDeep: 1536:FJjfrmmtUEMIY3Y2F5dtEDBtHR8Xm8G5NkteCMJd91i0/U:FNymTMBH5S/gE5NU81NU
False
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.36 KB MD5: 0ff4a8711b73139ec23d4627e2662d17
SHA1: 40a1d36fb0ced55998e6b33b7ee48c7c1a2da384
SHA256: 644b771b4101462a1c2f76a0ad1ccd2b948814f442d2cea71f39daebecef7fb4
SSDeep: 1536:zsGhSBo+qM4D8vng9OxkoT8x393OmcsTJYLoBLvgEx/X6jGa:gvBo+qMRvnO5oIDemcsTqLoxvgE1X6Ca
False
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.38 KB MD5: 8741f7d8aa360cc4d2c8e5de734b2590
SHA1: 6a40455a6ef2d030f77a922fa58994262987e880
SHA256: 578adb2ed63a437c4a6e5d497a49d3840d0ed9fb20eae763d295871414b57494
SSDeep: 1536:ZtQKyrwMjrErOZ6NMUrIKNcAWr5721Yb0OSnmbFxTEJt8dfHchn:TQvrwMHXZmXZ3W81YOmbFx4T8U
False
\\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: aa5a9ff066a6eca190541b97624953c1
SHA1: 3f317f02255a28334022e73c14b54861667dd369
SHA256: 1171cacbfa5a14242fd7ac73f807da0ae100ac56f2efd74204cc51e1ddf7541f
SSDeep: 1536:z2mO1qVV22stCWNhfqeNitUJAn9hE1kW7LQG:aN2060An9sd
False
\\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.35 KB MD5: 0dc6c807f8e42461b3df334ec0db01b3
SHA1: eb8029c9e2405f8aa52772e86bf1aab4aa3eb477
SHA256: e641faf3b6c5ea7408073066c0ada991a408474a4da1dd2c4c70ddd51efdac8e
SSDeep: 1536:Y3E5GzLoVijGyrO35UvCAe9TaIdoJ66uahV:Y33Lkirra9X/6zhV
False
\\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 65fa33490893a57277d6a25dd016d5dd
SHA1: 6c0e4ef79f89253713ee655f4429b107fa9e05db
SHA256: ee563a5d1a3bf12d566f12dfd3a3f4af9d825106e06948c21edcfc4291cf4312
SSDeep: 1536:4+t0cf8EiOZN6sIdLENhpxA3Qf1Nh7vIYKeB+xP9TmtS5LdVaCG6Y:4A0pEZN6vBENR4QdNhIe4xP9685LTaCM
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png.id[B4197730-0001].[absonkaine@aol.com].phoenix 5.52 KB MD5: d6cf6a9e2a3bdfc857ea93eb8a43af2e
SHA1: be608f554ae9858cffbb6435afafd37521dd935f
SHA256: 24f7fcd84c2ed1d11c8fe6796215b4ec4abbaf32cd5978654b0010360251b3ed
SSDeep: 96:Kqj/I7O7OJqBozpcNsnwt6ozDWGMq5kxH0QiNIeiAU/BjpC75JzKAF/DZYQ:KWIy7kqBJOncfDXP5kB0q3DC7KAxFh
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\user-48.png.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.74 KB MD5: 6488f1be20b2a408497a03d0088ab219
SHA1: 62c9f6abfa7a929460a8daa50f492747dde10e97
SHA256: 6455f913d88edef56c48291e00c9bf7bcd46913a710b16bd0c1cd5c139a631db
SSDeep: 12:8OIEcI+JLkq1ehEzOMSf6dwZFdV44kqtaCPWXr2rOgyEnbRGS7c8Y02K9mpgMxeD:Q6+Joq1rzOPbFaLirvbRPc8+pzED
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix 588.30 KB MD5: be823e407f6466d106cae36fe98c0b09
SHA1: 7a2fc838bac184c59ac03a58128c50c25517440c
SHA256: 7ba7be01049be4900d0ebde0da1974765e34471cd6428c66a242ba2e98f37a49
SSDeep: 12288:awmuj58oVP10duZnubXvp5WB9nd9Rf0QP8nmnpzmSCH63FiBPU:558oV+6Ap5WbRfHP1pzmV68e
False
\\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 489a534b8ffa8723e4a5586bbb2cebf4
SHA1: 7fb6f82dcdf81cbe71886736d1fb92ae35f0d412
SHA256: 7fffb96328fa5c5294569445931908bbdc372152f2efd9d41a087c70b89d430d
SSDeep: 1536:7P0PdaIBcNhupbaQo+01dDCXUH/tlN+WvVMwUsftBlMG6lFA/MGE:70PdLe/eG+2/NtepG60/M9
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png.id[B4197730-0001].[absonkaine@aol.com].phoenix 0.67 KB MD5: e7cdc87a642c86efef7b727ba9c4e23c
SHA1: 3ed30fde5bbe5128a5670f235a6a515a5f19c83a
SHA256: 6632a24c0fa4c4076dc18f132e77a7a1a496cdb6dbc09a59133a2229d1f0d6cf
SSDeep: 12:RuZ2/G3eJbGKs/F4V3+DiwIR5w5zTiAul6s/9K4O7c8Y02K9mpgMxeD:t1J0N4VRis6y9K4sc8+pzED
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\user.png.id[B4197730-0001].[absonkaine@aol.com].phoenix 5.52 KB MD5: 9de23fb20513fe511b247fd063f34e9f
SHA1: 8545058933fb403290288dcbd8917304bfbbc33a
SHA256: 8304f7d5aafad0475de26163690fedfccf216f4b3a39ec816b2c93eced258b7f
SSDeep: 96:OEgfbsfhnTE/J6qgJv6OELfG/EpwTjHZDJOjfrCXj0H89gQ:bkbqT86yOGhpU+rrCXAW
False
\\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.35 KB MD5: 26a1e0e597488d4acb73e10332c8793d
SHA1: d9331e43bc58c4e92da5694b61e35adbc6fadcf7
SHA256: 890ba8c12ba91ec738422bdc1d02950c1004060224494cde358f075e100eb427
SSDeep: 1536:nFkD+f3AmFIuDljjndK6MiJSVnwbSRYIqborWXl/5B9EU:c+hFIWlXMGS/loRVRLv
False
\\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 6437616c1e1ab25ccbf7307d6db3a841
SHA1: edfea44f2fd1704231149bfbe06cc3043180b7e3
SHA256: e56648345be56a6d1235a4a82448e796e072ed3cceaf414ad0b31c72afa694bb
SSDeep: 1536:8h77YvoQpsiYGlbEMMPBdlJGb3wRPwYa4GBX4EWXt/JN1fEYqmYeS2aK:8h77YQIEz3Gs2B7MdEWS2aK
False
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.33 KB MD5: 709d5fcd3acec1201eb2dd525b5aab0c
SHA1: c35c29b456309fdb0c868b20fdca7c47dd07857f
SHA256: 62ef52ebb2eddc3c3a9f19279bd060bfde2e3ff85d512232aeeebe2f1569cac7
SSDeep: 1536:ksEUUDiG12TiXvlsbfFcK8aPpM5ExV6NsJboEs00:kVUWiG1tsbfFz8EquKNa/s00
False
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: 1a5a6373918367c2b0fadf4e5194320a
SHA1: b1db2acd448d9faaddb0c22e3de73b388736edad
SHA256: 4b9ab719735e3c8a0dcf3531adac8f851c5c804b84bd8030080f4573648c0aa7
SSDeep: 1536:j1g2AFiCbXzEX5np5HJzPPkn6Yz5BK087r01zAWwShELF8FvLo8S903mTRb7uZ:j1g7iSXU5HJIn6Yzbc7rnWwShELF8ZLl
False
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.39 KB MD5: 4c0f7cff1b2fb931b535d23e0ca83921
SHA1: 66c182f1344b3e0c9f2b8ee7d9eb000d7bbe6ff3
SHA256: 2745bf892da2fcaf26a9f82f917cc4816aec31127eb62fb0e7992d3fe9f8be54
SSDeep: 1536:jqVrjrbRQVMBCypj1ZaRqEDxYQ2GvZCodBG9KJR2k5:QjbRQOYuaRnDxJjjK+R2K
False
\\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.35 KB MD5: 67bd2f5c0718563233d854d77a5651dc
SHA1: b8e9bf49a8308c73f2bece2362d2231790dabc68
SHA256: 08aa85541a5fc7bd8ff8d6cf2cf0cb5e3427f66879467f296ee36be763278254
SSDeep: 1536:PqnmwE5gCIFwQAG5QSwP06Sat4MxNqDaEXXxpxXFkl3zqMrQh:inmFgCIFwW5YcMjexRpxXGJqMrM
False
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.00 MB MD5: c41a24c3f3985b643dcbfef0a9735f90
SHA1: ccbd23d480c44f1734d2e476db179f7c1ebc96f2
SHA256: bcd8afc0e9bcb4229ffbc1a459882b2cf3b4a155ef801c0fd54179c10596b82e
SSDeep: 24576:HUdjdPY6FYkPEWji2O2M/U6vDjwk0uQP1If9ZEJ4J:HOdPY6rPEGi2On/U6vDp0D1EZ64J
False
\\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 68.31 KB MD5: f8547935c040a2b9af22e7005b1dd660
SHA1: 3fda5905518a1e865ce2c947e52bac8bd1079329
SHA256: b9d46540598962ffdcfdb02943cc116c32b4c277e4bacaa40c628064e5e6a5f5
SSDeep: 1536:PwbZdSqQJvZCBe36PpGE3XpgE+Mask222QekU45EqVqp9lR5ny0jW:PwbZ8ihPIE3ZJsV12kgQ0S
False
\\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.00 MB MD5: c2dbae2edf8c680cb4400965d92e4137
SHA1: c1145dc60b0ae73b5db1587238e505da62024fd2
SHA256: c2f95af5b65fa4c27d6e7d3bf1b38c9e18a9b7f4b59ce5973f095f6f890748dd
SSDeep: 24576:YyvGOUGh2Snygms4WPyDYInJFrC0x2jWCisocOuzcbEZTgyg9WT7uO+g:Yy95h1mc/yUoczcbEZZzXuOt
False
\\?\C:\Logs\Security.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix 1.07 MB MD5: f83aad681479c296c73d3af0aaa34e4c
SHA1: 5fa5145ee23d599c34bccff0029220f703b83955
SHA256: c56463f1893e8f9f3818ef7216df49e36b2c2edd1dfe3d34bac439f3e1d9b2db
SSDeep: 24576:zmca0mSHl5s9Hkry5Me3YghOh4vQ/NJHPO8EJFndV9e0cbbFmJrApout6:5arSHl5CHkO5xpG4vQlJvO8+Vd/7cbYt
False
Host Behavior
File (5050)
»
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\$WINRE_BACKUP_PARTITION.MARKER desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BCD.LOG1 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG2 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\bootspaces.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bootspaces.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\bootvhd.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bootvhd.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\cs-CZ\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-GB\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-GB\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-MX\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-MX\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\et-EE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\et-EE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\chs_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\cht_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\jpn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\kor_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgunn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgunn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\malgun_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgun_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segmono_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segmono_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segoen_slboot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segoen_slboot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segoe_slboot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segoe_slboot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-CA\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-CA\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hr-HR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hr-HR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\lt-LT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\lt-LT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\lv-LV\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\lv-LV\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nl-NL\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pl-PL\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pl-PL\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-BR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-BR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-PT\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-PT\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\qps-ploc\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\qps-ploc\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\qps-ploc\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\qps-ploc\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Resources\bootres.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Resources\bootres.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Resources\en-US\bootres.dll.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Resources\en-US\bootres.dll.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ro-RO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ro-RO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ru-RU\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ru-RU\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sk-SK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sk-SK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sl-SI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sl-SI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\sv-SE\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\sv-SE\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\tr-TR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\tr-TR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\uk-UA\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\uk-UA\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-CN\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-CN\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-HK\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-HK\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\zh-TW\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\zh-TW\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\BOOTNXT desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\BOOTNXT desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\BOOTNXT.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\hiberfil.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-31f8f00f75ee43d4996762625b6917f2-ce77d96f-eec8-4063-a05a-09720f5bbf1b-7138.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-5476d0c4a7a347909c4b8a13078d4390-f8bdcecf-243f-40f8-b7c3-b9c44a57dead-7230.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\osver.txt desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\parse.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\VortexSchemaRequests.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edb.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00002.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00002.log desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default User.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default User.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default User.dat.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\FD1HVy.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-32.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-32.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-32.png.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-48.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-48.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-48.png.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.png.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\1527c705-839a-4832-9118-54d4Bd6a0c89_10.0.15063.447_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\1527c705-839a-4832-9118-54d4Bd6a0c89_10.0.15063.447_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\9E2F88E3.Twitter_5.7.1.0_x86__wgeqdkkx372wm.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\9E2F88E3.Twitter_5.7.1.0_x86__wgeqdkkx372wm.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\c5e2524a-ea46-4f67-841f-6a9465d9d515_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\c5e2524a-ea46-4f67-841f-6a9465d9d515_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\CortanaListenUIApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\CortanaListenUIApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\DesktopLearning_1000.15063.0.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\DesktopLearning_1000.15063.0.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_10.9.50.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_10.9.50.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-140_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-140_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-180_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-180_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Appconnector_2015.707.550.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingFinance_4.6.169.0_neutral_split.scale-200_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingFinance_4.6.169.0_neutral_split.scale-200_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingFinance_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingFinance_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingNews_4.6.169.0_neutral_split.scale-200_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingNews_4.6.169.0_neutral_split.scale-200_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.ConnectivityStore_1.1509.1.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.ConnectivityStore_1.1509.1.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-125_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-125_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.1.25002.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.1.25002.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Getstarted_2.3.7.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Getstarted_2.3.7.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_neutral_split.scale-200_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_neutral_split.scale-200_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_1.10.22012.0_neutral_split.scale-150_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_1.10.22012.0_neutral_split.scale-150_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_1.10.22012.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_1.10.22012.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.2.24002.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.2.24002.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_2015.6306.23501.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_2015.6306.23501.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.id[B4197730-0001].[absonkaine@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Copy c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\Absonkaine.exe source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe False 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\Absonkaine.exe source_filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe False 1
Fn
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini size = 1114368, size_out = 174 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini size = 1114368, size_out = 370 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini size = 1114368, size_out = 1476 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini size = 1114368, size_out = 85 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini size = 1114368, size_out = 2598 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini size = 1114368, size_out = 796 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini size = 1114368, size_out = 170 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini size = 1114368, size_out = 174 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.ini size = 1114368, size_out = 576 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini size = 1114368, size_out = 338 True 1
Fn
Data
Delete \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - True 1
Fn
For performance reasons, the remaining 4034 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (20)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 52564832, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 52564896, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 115, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 52565168, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 192, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run value_name = Absonkaine, data = C:\Users\FD1HVy\AppData\Local\Absonkaine.exe, size = 88, type = REG_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = Absonkaine, data = C:\Users\FD1HVy\AppData\Local\Absonkaine.exe, size = 88, type = REG_SZ True 1
Fn
Process (2)
»
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\cmd.exe os_pid = 0xfb4, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create C:\WINDOWS\system32\cmd.exe os_pid = 0xfbc, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Module (28)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76680000 True 11
Fn
Get Filename - process_name = c:\programdata\microsoft\windows\start menu\programs\startup\absonkaine.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Absonkaine.exe, size = 260 True 6
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76694ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76694b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76694b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x76694b00 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x76696b30 True 6
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x76696b50 True 1
Fn
System (84)
»
Operation Additional Information Success Count Logfile
Sleep duration = 1000 milliseconds (1.000 seconds) True 82
Fn
Get Time type = Ticks, time = 143312 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (47)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773001 True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #13: cmd.exe
593 0
»
Information Value
ID #13
File Name c:\windows\system32\cmd.exe
Command Line "C:\WINDOWS\system32\cmd.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:54, Reason: Child Process
Unmonitor End Time: 00:04:47, Reason: Terminated by Timeout
Monitor Duration 00:00:52
OS Process Information
»
Information Value
PID 0xfb4
Parent PID 0xf9c (c:\programdata\microsoft\windows\start menu\programs\startup\absonkaine.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x FB8
0x FF8
Host Behavior
File (503)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\WINDOWS\system32 type = file_attributes True 1
Fn
Get Info C:\Windows\System32 type = file_attributes True 1
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 19
Fn
Get Info STD_INPUT_HANDLE type = file_type True 10
Fn
Open STD_OUTPUT_HANDLE - True 52
Fn
Open STD_INPUT_HANDLE - True 213
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 188
Fn
Data
Read STD_INPUT_HANDLE size = 1 False 1
Fn
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 7
Fn
Data
Write STD_OUTPUT_HANDLE size = 52 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 20 True 5
Fn
Data
Write STD_OUTPUT_HANDLE size = 36 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 23 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 58 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 42 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 4, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (8)
»
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\vssadmin.exe os_pid = 0xc44, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\System32\Wbem\WMIC.exe os_pid = 0x9ec, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\system32\bcdedit.exe os_pid = 0x778, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\system32\bcdedit.exe os_pid = 0xcfc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\WINDOWS\system32\vssadmin.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\WINDOWS\System32\Wbem\WMIC.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\WINDOWS\system32\bcdedit.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\WINDOWS\system32\bcdedit.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (4)
»
Operation Process Additional Information Success Count Logfile
Read C:\WINDOWS\system32\vssadmin.exe address = 587668865024, size = 1952 True 1
Fn
Data
Read C:\WINDOWS\System32\Wbem\WMIC.exe address = 534080389120, size = 1952 True 1
Fn
Data
Read C:\WINDOWS\system32\bcdedit.exe address = 603203604480, size = 1952 True 1
Fn
Data
Read C:\WINDOWS\system32\bcdedit.exe address = 475732447232, size = 1952 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x7ff92db40000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x7ff63e4c0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x7ff92b820000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x7ff92b83a990 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7ff92b83e830 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x7ff92b83e300 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x7ff92a120a40 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x7ff92dbe56b0 True 1
Fn
System (1)
»
Operation Additional Information Success Count Logfile
Get Info type = Operating System True 1
Fn
Environment (48)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 16
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 5
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 5
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 5
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Windows\System32 True 1
Fn
Set Environment String name = COPYCMD True 4
Fn
Set Environment String name = =ExitCode, value = 00000002 True 1
Fn
Set Environment String name = =ExitCodeAscii True 4
Fn
Set Environment String name = =ExitCode, value = 80041014 True 1
Fn
Set Environment String name = =ExitCode, value = 00000000 True 2
Fn
Process #14: cmd.exe
336 0
»
Information Value
ID #14
File Name c:\windows\system32\cmd.exe
Command Line "C:\WINDOWS\system32\cmd.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:54, Reason: Child Process
Unmonitor End Time: 00:04:43, Reason: Self Terminated
Monitor Duration 00:00:49
OS Process Information
»
Information Value
PID 0xfbc
Parent PID 0xf9c (c:\programdata\microsoft\windows\start menu\programs\startup\absonkaine.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x FC0
0x FF4
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
cmd.exe 0x7FF63E4C0000 0x7FF63E522FFF Process Termination - 64-bit - False False
Host Behavior
File (270)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\WINDOWS\system32 type = file_attributes True 1
Fn
Get Info C:\Windows\System32 type = file_attributes True 1
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 14
Fn
Get Info STD_INPUT_HANDLE type = file_type True 7
Fn
Open STD_OUTPUT_HANDLE - True 36
Fn
Open STD_INPUT_HANDLE - True 107
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 91
Fn
Data
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 5
Fn
Data
Write STD_OUTPUT_HANDLE size = 52 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 20 True 3
Fn
Data
Write STD_OUTPUT_HANDLE size = 47 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 39 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 5 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 4, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (4)
»
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\netsh.exe os_pid = 0xffc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\system32\netsh.exe os_pid = 0xe04, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\WINDOWS\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\WINDOWS\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (2)
»
Operation Process Additional Information Success Count Logfile
Read C:\WINDOWS\system32\netsh.exe address = 56219992064, size = 1952 True 1
Fn
Data
Read C:\WINDOWS\system32\netsh.exe address = 634608734208, size = 1952 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x7ff92db40000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x7ff63e4c0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x7ff92b820000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x7ff92b83a990 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7ff92b83e830 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x7ff92b83e300 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x7ff92a120a40 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x7ff92dbe56b0 True 1
Fn
System (1)
»
Operation Additional Information Success Count Logfile
Get Info type = Operating System True 1
Fn
Environment (30)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 10
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 3
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 3
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 3
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Windows\System32 True 1
Fn
Set Environment String name = COPYCMD True 2
Fn
Set Environment String name = =ExitCode, value = 00000000 True 2
Fn
Set Environment String name = =ExitCodeAscii True 2
Fn
Process #17: netsh.exe
85 0
»
Information Value
ID #17
File Name c:\windows\system32\netsh.exe
Command Line netsh advfirewall set currentprofile state off
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:56, Reason: Child Process
Unmonitor End Time: 00:04:36, Reason: Self Terminated
Monitor Duration 00:00:40
OS Process Information
»
Information Value
PID 0xffc
Parent PID 0xfbc (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x ACC
0x 9F4
0x 4E8
0x 3F8
0x 2E4
0x A48
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
netsh.exe 0x7FF695CC0000 0x7FF695CE2FFF Process Termination - 64-bit - False False
Host Behavior
File (4)
»
Operation Filename Additional Information Success Count Logfile
Open STD_OUTPUT_HANDLE - True 2
Fn
Write STD_OUTPUT_HANDLE size = 5 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 1
Fn
Data
Registry (22)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Module (49)
»
Operation Module Additional Information Success Count Logfile
Load api-ms-win-appmodel-runtime-l1-1-0.dll base_address = 0x7ff929fb0000 True 1
Fn
Load IFMON.DLL base_address = 0x7ff928600000 True 1
Fn
Load RASMONTR.DLL base_address = 0x7ff91c010000 True 1
Fn
Load MSVCRT.DLL base_address = 0x7ff92b100000 True 1
Fn
Load C:\WINDOWS\system32\MFC42LOC.DLL base_address = 0x0 False 1
Fn
Load AUTHFWCFG.DLL base_address = 0x7ff91bf90000 True 1
Fn
Load DHCPCMONITOR.DLL base_address = 0x7ff923df0000 True 1
Fn
Load DOT3CFG.DLL base_address = 0x7ff91e850000 True 1
Fn
Load FWCFG.DLL base_address = 0x7ff91bb80000 True 1
Fn
Load HNETMON.DLL base_address = 0x7ff923de0000 True 1
Fn
Load NETIOHLP.DLL base_address = 0x7ff91b770000 True 1
Fn
Load NETTRACE.DLL base_address = 0x7ff915d70000 True 1
Fn
Load NSHHTTP.DLL base_address = 0x7ff91bf40000 True 1
Fn
Load NSHIPSEC.DLL base_address = 0x7ff915d00000 True 1
Fn
Load NSHWFP.DLL base_address = 0x7ff911ca0000 True 1
Fn
Load P2PNETSH.DLL base_address = 0x7ff91ae10000 True 1
Fn
Load RPCNSH.DLL base_address = 0x7ff91ac40000 True 1
Fn
Load WCNNETSH.DLL base_address = 0x7ff90e6b0000 True 1
Fn
Load WHHELPER.DLL base_address = 0x7ff915750000 True 1
Fn
Load WLANCFG.DLL base_address = 0x7ff90e470000 True 1
Fn
Load WSHELPER.DLL base_address = 0x7ff9159c0000 True 1
Fn
Load WWANCFG.DLL base_address = 0x7ff9159a0000 True 1
Fn
Load PEERDISTSH.DLL base_address = 0x7ff915930000 True 1
Fn
Load mprmsg.dll base_address = 0x7ff91b4b0000 True 1
Fn
Get Handle c:\windows\system32\netsh.exe base_address = 0x7ff695cc0000 True 2
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x7ff92b100000 True 1
Fn
Get Filename - process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\WINDOWS\system32\MFC42u.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\ifmon.dll function = InitHelperDll, address_out = 0x7ff928601310 True 1
Fn
Get Address c:\windows\system32\rasmontr.dll function = InitHelperDll, address_out = 0x7ff91c025850 True 1
Fn
Get Address c:\windows\system32\authfwcfg.dll function = InitHelperDll, address_out = 0x7ff91bf91430 True 1
Fn
Get Address c:\windows\system32\dhcpcmonitor.dll function = InitHelperDll, address_out = 0x7ff923df1610 True 1
Fn
Get Address c:\windows\system32\dot3cfg.dll function = InitHelperDll, address_out = 0x7ff91e851100 True 1
Fn
Get Address c:\windows\system32\fwcfg.dll function = InitHelperDll, address_out = 0x7ff91bb811f0 True 1
Fn
Get Address c:\windows\system32\hnetmon.dll function = InitHelperDll, address_out = 0x7ff923de2060 True 1
Fn
Get Address c:\windows\system32\netiohlp.dll function = InitHelperDll, address_out = 0x7ff91b785f80 True 1
Fn
Get Address c:\windows\system32\nettrace.dll function = InitHelperDll, address_out = 0x7ff915d715d0 True 1
Fn
Get Address c:\windows\system32\nshhttp.dll function = InitHelperDll, address_out = 0x7ff91bf410e0 True 1
Fn
Get Address c:\windows\system32\nshipsec.dll function = InitHelperDll, address_out = 0x7ff915d01250 True 1
Fn
Get Address c:\windows\system32\nshwfp.dll function = InitHelperDll, address_out = 0x7ff911ca10d0 True 1
Fn
Get Address c:\windows\system32\p2pnetsh.dll function = InitHelperDll, address_out = 0x7ff91ae111e0 True 1
Fn
Get Address c:\windows\system32\rpcnsh.dll function = InitHelperDll, address_out = 0x7ff91ac41010 True 1
Fn
Get Address c:\windows\system32\wcnnetsh.dll function = InitHelperDll, address_out = 0x7ff90e6b1680 True 1
Fn
Get Address c:\windows\system32\whhelper.dll function = InitHelperDll, address_out = 0x7ff9157514d0 True 1
Fn
Get Address c:\windows\system32\wlancfg.dll function = InitHelperDll, address_out = 0x7ff90e471320 True 1
Fn
Get Address c:\windows\system32\wshelper.dll function = InitHelperDll, address_out = 0x7ff9159c1030 True 1
Fn
Get Address c:\windows\system32\wwancfg.dll function = InitHelperDll, address_out = 0x7ff9159a11d0 True 1
Fn
Get Address c:\windows\system32\peerdistsh.dll function = InitHelperDll, address_out = 0x7ff915931220 True 1
Fn
Get Address c:\windows\system32\mprmsg.dll function = MprmsgGetErrorString, address_out = 0x7ff91b4b1040 True 1
Fn
System (9)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 33, y_out = 841 True 1
Fn
Get Info type = Operating System True 6
Fn
Get Info type = System Directory, result_out = C:\WINDOWS\system32 True 1
Fn
Get Info type = Operating System True 1
Fn
Process #18: vssadmin.exe
0 0
»
Information Value
ID #18
File Name c:\windows\system32\vssadmin.exe
Command Line vssadmin delete shadows /all /quiet
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:56, Reason: Child Process
Unmonitor End Time: 00:03:58, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xc44
Parent PID 0xfb4 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x C38
0x C68
0x 9F0
0x 4A8
0x 9E4
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
vssadmin.exe 0x7FF6617A0000 0x7FF6617C6FFF Process Termination - 64-bit - False False
Process #19: wmic.exe
162 0
»
Information Value
ID #19
File Name c:\windows\system32\wbem\wmic.exe
Command Line wmic shadowcopy delete
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:57, Reason: Child Process
Unmonitor End Time: 00:04:22, Reason: Self Terminated
Monitor Duration 00:00:25
OS Process Information
»
Information Value
PID 0x9ec
Parent PID 0xfb4 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 38C
0x A0C
0x 874
0x 878
0x 310
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
wmic.exe 0x7FF6F2F00000 0x7FF6F2F7EFFF Process Termination - 64-bit - False False
Host Behavior
COM (7)
»
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F6D90F12-9C73-11D3-B32E-00C04F990BB4 2933BF95-7B36-11D2-B20E-00C04F983E60 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create EB87E1BD-3233-11D2-AEC9-00C04FB68820 EB87E1BC-3233-11D2-AEC9-00C04FB68820 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli\ms_409 True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\NQDPDE\ROOT\CIMV2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy False 1
Fn
Registry (5)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging, data = 48 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory, data = 37 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Log File Max Size, data = 54 True 1
Fn
Module (1)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\wbem\wmic.exe base_address = 0x7ff6f2f00000 True 1
Fn
System (3)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = NQDPDE True 1
Fn
Get Time type = Local Time, time = 2019-04-17 21:31:55 (Local Time) True 1
Fn
Get Info type = System Directory, result_out = C:\WINDOWS\system32 True 1
Fn
Process #22: bcdedit.exe
0 0
»
Information Value
ID #22
File Name c:\windows\system32\bcdedit.exe
Command Line bcdedit /set {default} bootstatuspolicy ignoreallfailures
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:04:24, Reason: Child Process
Unmonitor End Time: 00:04:27, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x778
Parent PID 0xfb4 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 950
0x C78
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
bcdedit.exe 0x7FF73CD20000 0x7FF73CD91FFF Process Termination - 64-bit - False False
Process #23: bcdedit.exe
0 0
»
Information Value
ID #23
File Name c:\windows\system32\bcdedit.exe
Command Line bcdedit /set {default} recoveryenabled no
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:04:27, Reason: Child Process
Unmonitor End Time: 00:04:30, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xcfc
Parent PID 0xfb4 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D08
0x CF4
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
bcdedit.exe 0x7FF73CD20000 0x7FF73CD91FFF Process Termination - 64-bit - False False
Process #24: netsh.exe
87 0
»
Information Value
ID #24
File Name c:\windows\system32\netsh.exe
Command Line netsh firewall set opmode mode=disable
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:04:37, Reason: Child Process
Unmonitor End Time: 00:04:44, Reason: Self Terminated
Monitor Duration 00:00:06
OS Process Information
»
Information Value
PID 0xe04
Parent PID 0xfbc (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x E00
0x E08
0x C18
0x C10
0x C20
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
netsh.exe 0x7FF695CC0000 0x7FF695CE2FFF Process Termination - 64-bit - False False
Host Behavior
File (6)
»
Operation Filename Additional Information Success Count Logfile
Open STD_OUTPUT_HANDLE - True 3
Fn
Write STD_OUTPUT_HANDLE size = 306 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 5 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 1
Fn
Data
Registry (22)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Module (49)
»
Operation Module Additional Information Success Count Logfile
Load api-ms-win-appmodel-runtime-l1-1-0.dll base_address = 0x7ff929fb0000 True 1
Fn
Load IFMON.DLL base_address = 0x7ff928600000 True 1
Fn
Load RASMONTR.DLL base_address = 0x7ff91e6d0000 True 1
Fn
Load MSVCRT.DLL base_address = 0x7ff92b100000 True 1
Fn
Load C:\WINDOWS\system32\MFC42LOC.DLL base_address = 0x0 False 1
Fn
Load AUTHFWCFG.DLL base_address = 0x7ff91bfb0000 True 1
Fn
Load DHCPCMONITOR.DLL base_address = 0x7ff9285d0000 True 1
Fn
Load DOT3CFG.DLL base_address = 0x7ff923de0000 True 1
Fn
Load FWCFG.DLL base_address = 0x7ff91e7e0000 True 1
Fn
Load HNETMON.DLL base_address = 0x7ff9285c0000 True 1
Fn
Load NETIOHLP.DLL base_address = 0x7ff924030000 True 1
Fn
Load NETTRACE.DLL base_address = 0x7ff91b230000 True 1
Fn
Load NSHHTTP.DLL base_address = 0x7ff923fd0000 True 1
Fn
Load NSHIPSEC.DLL base_address = 0x7ff923f50000 True 1
Fn
Load NSHWFP.DLL base_address = 0x7ff91b5a0000 True 1
Fn
Load P2PNETSH.DLL base_address = 0x7ff91bbb0000 True 1
Fn
Load RPCNSH.DLL base_address = 0x7ff923f40000 True 1
Fn
Load WCNNETSH.DLL base_address = 0x7ff91bf90000 True 1
Fn
Load WHHELPER.DLL base_address = 0x7ff922110000 True 1
Fn
Load WLANCFG.DLL base_address = 0x7ff91b720000 True 1
Fn
Load WSHELPER.DLL base_address = 0x7ff91bf40000 True 1
Fn
Load WWANCFG.DLL base_address = 0x7ff91b810000 True 1
Fn
Load PEERDISTSH.DLL base_address = 0x7ff91af80000 True 1
Fn
Load mprmsg.dll base_address = 0x7ff91af60000 True 1
Fn
Get Handle c:\windows\system32\netsh.exe base_address = 0x7ff695cc0000 True 2
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x7ff92b100000 True 1
Fn
Get Filename - process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\WINDOWS\system32\MFC42u.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\ifmon.dll function = InitHelperDll, address_out = 0x7ff928601310 True 1
Fn
Get Address c:\windows\system32\rasmontr.dll function = InitHelperDll, address_out = 0x7ff91e6e5850 True 1
Fn
Get Address c:\windows\system32\authfwcfg.dll function = InitHelperDll, address_out = 0x7ff91bfb1430 True 1
Fn
Get Address c:\windows\system32\dhcpcmonitor.dll function = InitHelperDll, address_out = 0x7ff9285d1610 True 1
Fn
Get Address c:\windows\system32\dot3cfg.dll function = InitHelperDll, address_out = 0x7ff923de1100 True 1
Fn
Get Address c:\windows\system32\fwcfg.dll function = InitHelperDll, address_out = 0x7ff91e7e11f0 True 1
Fn
Get Address c:\windows\system32\hnetmon.dll function = InitHelperDll, address_out = 0x7ff9285c2060 True 1
Fn
Get Address c:\windows\system32\netiohlp.dll function = InitHelperDll, address_out = 0x7ff924045f80 True 1
Fn
Get Address c:\windows\system32\nettrace.dll function = InitHelperDll, address_out = 0x7ff91b2315d0 True 1
Fn
Get Address c:\windows\system32\nshhttp.dll function = InitHelperDll, address_out = 0x7ff923fd10e0 True 1
Fn
Get Address c:\windows\system32\nshipsec.dll function = InitHelperDll, address_out = 0x7ff923f51250 True 1
Fn
Get Address c:\windows\system32\nshwfp.dll function = InitHelperDll, address_out = 0x7ff91b5a10d0 True 1
Fn
Get Address c:\windows\system32\p2pnetsh.dll function = InitHelperDll, address_out = 0x7ff91bbb11e0 True 1
Fn
Get Address c:\windows\system32\rpcnsh.dll function = InitHelperDll, address_out = 0x7ff923f41010 True 1
Fn
Get Address c:\windows\system32\wcnnetsh.dll function = InitHelperDll, address_out = 0x7ff91bf91680 True 1
Fn
Get Address c:\windows\system32\whhelper.dll function = InitHelperDll, address_out = 0x7ff9221114d0 True 1
Fn
Get Address c:\windows\system32\wlancfg.dll function = InitHelperDll, address_out = 0x7ff91b721320 True 1
Fn
Get Address c:\windows\system32\wshelper.dll function = InitHelperDll, address_out = 0x7ff91bf41030 True 1
Fn
Get Address c:\windows\system32\wwancfg.dll function = InitHelperDll, address_out = 0x7ff91b8111d0 True 1
Fn
Get Address c:\windows\system32\peerdistsh.dll function = InitHelperDll, address_out = 0x7ff91af81220 True 1
Fn
Get Address c:\windows\system32\mprmsg.dll function = MprmsgGetErrorString, address_out = 0x7ff91af61040 True 1
Fn
System (9)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 1316, y_out = 366 True 1
Fn
Get Info type = Operating System True 6
Fn
Get Info type = System Directory, result_out = C:\WINDOWS\system32 True 1
Fn
Get Info type = Operating System True 1
Fn
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image