c32e2cc1...f169 | Grouped Behavior
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Wiper, Trojan

Monitored Processes

Process Overview
| ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID |
|---|---|---|---|---|---|---|
| #1 | 0x39c | Analysis Target | High (Elevated) | costelloh.exe | "C:\Users\FD1HVy\Desktop\costelloh.exe" | - |
| #2 | 0x8f4 | Child Process | Medium | costelloh.exe | "C:\Users\FD1HVy\Desktop\costelloh.exe" | #1 |
| #3 | 0xdcc | Child Process | High (Elevated) | cmd.exe | "C:\WINDOWS\system32\cmd.exe" | #1 |
| #4 | 0xbec | Child Process | High (Elevated) | cmd.exe | "C:\WINDOWS\system32\cmd.exe" | #1 |
| #7 | 0x714 | Child Process | High (Elevated) | netsh.exe | netsh advfirewall set currentprofile state off | #4 |
| #8 | 0xc58 | Child Process | High (Elevated) | vssadmin.exe | vssadmin delete shadows /all /quiet | #3 |
| #9 | 0x6c0 | Autostart | Medium | costelloh.exe | "C:\Users\FD1HVy\AppData\Local\costelloh.exe" | - |
| #10 | 0x828 | Autostart | Medium | costelloh.exe | "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\costelloh.exe" | - |
| #11 | 0xb60 | Autostart | Medium | costelloh.exe | "C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\costelloh.exe" | - |
| #13 | 0xd2c | Child Process | High (Elevated) | costelloh.exe | "C:\Users\FD1HVy\AppData\Local\costelloh.exe" | #9 |
| #14 | 0xd5c | Child Process | High (Elevated) | cmd.exe | "C:\WINDOWS\system32\cmd.exe" | #13 |
| #15 | 0xd70 | Child Process | High (Elevated) | cmd.exe | "C:\WINDOWS\system32\cmd.exe" | #13 |
| #18 | 0xdb8 | Child Process | High (Elevated) | vssadmin.exe | vssadmin delete shadows /all /quiet | #14 |
| #19 | 0xdc0 | Child Process | High (Elevated) | netsh.exe | netsh advfirewall set currentprofile state off | #15 |
| #20 | 0xde0 | Child Process | High (Elevated) | wmic.exe | wmic shadowcopy delete | #14 |
| #23 | 0xe48 | Child Process | High (Elevated) | bcdedit.exe | bcdedit /set {default} bootstatuspolicy ignoreallfailures | #14 |
| #24 | 0xe58 | Child Process | High (Elevated) | bcdedit.exe | bcdedit /set {default} recoveryenabled no | #14 |
| #25 | 0xed4 | Child Process | High (Elevated) | netsh.exe | netsh firewall set opmode mode=disable | #15 |

Behavior Information - Grouped by Category

Process #1: costelloh.exe
Information Value
ID #1
File Name c:\users\fd1hvy\desktop\costelloh.exe
Command Line "C:\Users\FD1HVy\Desktop\costelloh.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:42, Reason: Analysis Target
Unmonitor End Time: 00:04:28, Reason: Terminated by Timeout
Monitor Duration 00:03:46
OS Process Information
Information Value
PID 0x39c
Parent PID 0x860 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x37C, 0x174, 0xCC8, 0xD4C, 0x48C, 0xE0C, 0x8F0, 0x210, 0x2D0, 0x394, 0x490, 0xE40, 0xFB0, 0xD78, 0x8E8, 0xEB0, 0x4F0
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| costelloh.exe | 0x01210000 | 0x01225FFF | Relevant Image | - | 32-bit | - | False | False | |
Dropped Files
Filename: C:\Users\FD1HVy\Desktop\costelloh.exe
File Size: 71.00 KB
MD5: 0f1a299cab0a4c43e9dcf5617b22042f
SHA1: aafe3ca9cf265d56eb273514335f1f3d392811dc
SHA256: c32e2cc11f4ff70164a316bbb62771b8b8c48561822f7ea016237a6a5fd0f169
SSDeep: 1536:5FOPbkyoTwtPto0Rl0DsN9/zLec5oGFACZrqdKbNYdRmHC2nap6P:5YPxAwtPtoe/zLaGmCZrqcbSjm1ap6P
YARA Match: False
SHA256: 2a9b9313c0faf9ac4d24d99719e6b9d99eec710a3655d076956b4bbc0b49998b
SSDeep: 1536:KZmXrJg3nmOQRCsSnULZyc94xxsvth/ZUD9w/uQNM3Kk:uiriXm1RDSnULZF4xxI/upV0M3Kk
False
\\?\C:\588bce7c90097ed212\1055\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 75.28 KB MD5: ab4a756abf196df8e73b36f8c3fb4d90
SHA1: cb59f73dfbeb799d66d6a5055360c4a387d22d7c
SHA256: 7f4c7000ee6400d203e84ce2835e3c7e44589a14ee77eb5d0a61afa0ca3b9466
SSDeep: 1536:HuI8iphCdFSaWYOyHUQPvi5UAI8EtKZMCBWbv:OwwdFSzCUAaFXW1v
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico.id[B4197730-0001].[costelloh@aol.com].phoenix 1.11 KB MD5: db037424207bfa6814bcdd6875c2d76a
SHA1: 173b88174884ae2a2d9d306b31f28d9e99103bbc
SHA256: 741cba9ada438f319cee84ce3c6ae19805287ce97e2fbf2a1609b6054dba7273
SSDeep: 24:sZxaQPNzSdGD8ZPW3oLzcoWUwvuj7CqKhnbIuPzXgAGnWAxEYnk2zXP0F:sZxrPNz0k8ZO3WGvuj6hnbIuLQXnW7Yq
False
\\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico.id[B4197730-0001].[costelloh@aol.com].phoenix 1.11 KB MD5: 44dc0f584043400af7bed2f0738da34f
SHA1: c3df443009ee9eccfeec0b36a5933ba230eefc4a
SHA256: 532d26e507806bdd83c015de5801cf5d1248ccad65a84a79e8ba413361252e7d
SSDeep: 24:PUh9Do3epg3nHNhzFKC2ZAu0X/5LvuKJWYakQ48lz2rTKxEYnk2zXP0F:PUh9DoMg3HnhKCu0XNu0Xaki5sRYjjy
False
\\?\C:\588bce7c90097ed212\2052\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix 5.94 KB MD5: 02792e9111c0cc1d5b722ec93e4393a3
SHA1: f6b419c9335c8656fa9164de08bc055e1492192e
SHA256: 5b4fa0a4141e6c853949df0a7ab1e724a590b740fc6a0248b452adbe26cd9a18
SSDeep: 96:1CnF4XjsPMr2ExikDsCpWqYvfJ11cGUlfmGvnMX/hLrhuF8UVI/L0pgl89b9YWzk:1CnF4XjmRExIIqGlOGEX5LrUFDVcL0Cp
False
\\?\C:\588bce7c90097ed212\Graphics\Save.ico.id[B4197730-0001].[costelloh@aol.com].phoenix 1.36 KB MD5: f246bc22018869733a8bf54e5184d8ff
SHA1: 331eaf691829e3ff58da5978b2c78a50984e267c
SHA256: 3788472042b369792e17b00ab206a5cfa56b918d531a2ceb16197fd6dcd78353
SSDeep: 24:aO7hrsS68hdszxgJbjZ8iX58k4dmPijfAehQIbBBcRf3VUz7gXHYxEYnk2zXP0F:zrAyuxgH8iX2rdEUfwflUz74HzYjjy
False
\\?\C:\588bce7c90097ed212\Graphics\Setup.ico.id[B4197730-0001].[costelloh@aol.com].phoenix 36.10 KB MD5: a6b3f889600cd2682427cc1085e98232
SHA1: 60e0f42b2905b60bdf4f05f721ad4bda57c5cbe3
SHA256: 4ae64ce81fa0a5ce65acefa4489991de8a149cdcc553dce39f92c253979215c6
SSDeep: 768:mqGLdfx0Mghl2m5EfWiPPb10LANajdKIr4XasX2rfDODD:6Ld/grEfjPD10LMajdKsjA2rfqDD
False
\\?\C:\588bce7c90097ed212\2052\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 59.52 KB MD5: e86ab2dd82a6386babd710291acebaa2
SHA1: 250888a23e0fe135b387bbf6315e61a5ce22fa7c
SHA256: af6d4555a136dd11caa6c616e7e7a6686ebee91a8494687327a23e09c4aac471
SSDeep: 1536:vjIaCTCUdwAUpmQ3wUHsJIjb6gXz8CJ+Eth8bvCu:uCCwL4Q37HP6QoQ+nbvCu
False
\\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id[B4197730-0001].[costelloh@aol.com].phoenix 1.36 KB MD5: 8807dfec7f56de30ef4c99f42077a4ab
SHA1: dbdcad31cdd68cb863c419a48fa0c326c90801c1
SHA256: a53d1f544364abb81b45b781bdd755ca580af982a96c6d2f107058277605400f
SSDeep: 24:kdN/K4eqr21uTiyCPuAcop7sAae2c2YzGMu25f85OA+Ff8Vv25mUCxEYnk2zXP0F:cNS4BuZuAcolae2RZMu2FXA+FfAvqmyh
False
\\?\C:\588bce7c90097ed212\2070\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix 4.16 KB MD5: 5abdef868b0480c90f718f172ccbc8c9
SHA1: f351013bdc23aca824df148abbcda540f6d21194
SHA256: a1944b4d88c35919df82dd87081420c1555e4bcfa82e95faefee7149da0cee85
SSDeep: 96:ujoif5UaPmGyPjyGfuBC9os4RbQC2smqcxYseWO2RzeZFVD:ujoY5rPWryGsC9os4eCxmq5MfcB
False
\\?\C:\588bce7c90097ed212\Graphics\stop.ico.id[B4197730-0001].[costelloh@aol.com].phoenix 10.14 KB MD5: c71a77a59e3b8bd5e6141446ad6f60f8
SHA1: 883c65d57ce73fc72d7b8f1cea87262803eb45c9
SHA256: 51c2b935a221877151daf0d2913660eb23f7d3e5846cecb9ce355bef02ea0c09
SSDeep: 192:yMWYFM4swFZ/KkCpmN6r29PGtjc/dMqV4zjgOgsogBFl6I9/o/xkgrCkZI8PiP5S:NXFMqKDcwr236q0sOfogl6I9/CY8PiPg
False
\\?\C:\588bce7c90097ed212\Graphics\warn.ico.id[B4197730-0001].[costelloh@aol.com].phoenix 10.14 KB MD5: 4dd0c0ccec9f45bd98efd8f95183556e
SHA1: 8f0460b9844633cb5d94d32728d38fc9edecb603
SHA256: 60d5fba79e46688b62e333b42e73359f648036e6539bb626b8338e87279c1e6b
SSDeep: 192:fppV0B+NaUPO+ApKu167JpZ5Qj0kd4hLBA9/8wL0qT3uCvLsDq:fppUihm167vXE0k61AvLnuKsDq
False
\\?\C:\588bce7c90097ed212\2070\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 78.63 KB MD5: 62a91996321be9938e6eb21867a5f735
SHA1: 48cd99ee2f7d2d92cdc0745f2215b1db01c00fc8
SHA256: 68ca7c99007c1a160b7d44f27ac72663dc33ab53e3e4d29f802137b94df92f67
SSDeep: 1536:39IXf3a8FNAB9Mcbnmfy3Yrgy3jJHLaTaKKFABTOZq5xSDv:39gfTFN49McDm6IrgfTaKKFMJ5xyv
False
\\?\C:\588bce7c90097ed212\1055\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix 4.02 KB MD5: ff4bbd6f28cd5cdbf3f7b7ccf3ab7b8e
SHA1: cfa30432208df37ff65eeb39c0bee4f2f23591ad
SHA256: 64c3b08216f0b28324258c0074a3185e4d6431a76d2ffd56347ca30d2e2879a1
SSDeep: 96:om46n3NRuFZO+uSCALeKGlYEwg3Q/l5WH//4D:Dn9kUWlpwTA/l5WH//Q
False
\\?\C:\588bce7c90097ed212\3076\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix 6.41 KB MD5: 77816fac68ed16a5c63be501777ae68e
SHA1: 17bff95bfb37afe4573e6beff4dd6d431acb1795
SHA256: 74f18cf1128d2fb395308f2ff51ceba7b40cc6b0bfa4c40b649941a3bc6eaeb7
SSDeep: 192:ktKanJAt3TfWLWRVNLZKSuGntUWLLxR4tSgGVTe:ktK1LPFVKPUUWHKwe
False
\\?\C:\588bce7c90097ed212\3082\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix 3.24 KB MD5: 419b4b77c3665ae8a1afba2b68af94ad
SHA1: e93320c233c0fe541969de8a1c18ad51481ab4d2
SHA256: 3b05e36f18bc1b7fee7fbec1e3ffd9a26b9ee3e60d5c28476a35ddc0bad2e517
SSDeep: 96:31iDM5h/nlJthDcvAmzRO4qzUccJztwR9LVJng9ED:3AWh/nlJthDIlO4qzpc9tmLVJg90
False
\\?\C:\588bce7c90097ed212\3076\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 59.66 KB MD5: 9a16ad741eb60a9f272e96e0fb9388a6
SHA1: 629cf6af7cd4fceced6044a834a08366a8031ef1
SHA256: b966575b5c44d3f10f9bbc5fdd630632f5d57e74ce6005c844ffbb494b1d4d15
SSDeep: 1536:KVVV7RqpfOfV08qVKCsH20yNK9dMCO72zz8LVqJK:4V7Rqc6Vod9GZ+zep
False
\\?\C:\588bce7c90097ed212\netfx_Core.mzz.id[B4197730-0001].[costelloh@aol.com].phoenix 173.83 MB MD5: cc75e7bda8993fedfe1a6badcf08dce7
SHA1: 9f7920f930c3874402c2d3c14535e2bdd1fe4eed
SHA256: e104262286e666244be9b1244b073d074f316420ff783d93d664a93ea8c7c99c
SSDeep: 196608:GV04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:z4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp
False
\\?\C:\588bce7c90097ed212\3082\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 78.38 KB MD5: 9e8e032a694ec2b5144c3c8699942b60
SHA1: 24fa96245bdcf1835c7aaf52951f735fcf632596
SHA256: a4844e01bb4968d66519402c9fc201f17d8aca49618efd85bac156e50cd8b3bf
SSDeep: 1536:BTgjsUCOIAFTqVg9jYP89yA0v8hg3D5PvyMnS1VCnwg0Y0:BJS9kP8AAROztvyGS1lpY0
False
\\?\C:\588bce7c90097ed212\Client\UiInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 38.38 KB MD5: 9549fa759d81868ca4adb61e5dcdf6c1
SHA1: 2d9ca548a67e32faac81d03ff4149a5fde4b592a
SHA256: 4cde1e3687a6325483c5a5d81894d204636567f9fce39303752c4f56f37332b5
SSDeep: 768:lqG+bcu1Zax3yygr/e9NbgdgXW/uPs5QIxMuIyV2nqwP:lqhbcu1ZCyyw/ANbtEys5VxMxyEq2
False
\\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 197.33 KB MD5: 2ed6ae8942208836a97fb43c3fe70937
SHA1: 6a2fa97fe3a911cc6f47d596734965b5fe4b12c4
SHA256: c1a798b970e222eebeb9e3c4878c0d4215d460e673d1970395ada24bb65c87dd
SSDeep: 3072:+ANd8mQKodNiBgKaHCGWA7h+2HHLi/uivZQGic1/I99Ez09zaZiLsAwwHfxdSF:ZNdw142HCnoLauqQGBKoE8RAE
False
\\?\C:\588bce7c90097ed212\DHtmlHeader.html.id[B4197730-0001].[costelloh@aol.com].phoenix 16.00 KB MD5: 4c20a755883daa801f3949c8583e06b9
SHA1: 5f1128d60958b058b7eb61a46851baa519a66271
SHA256: cc2a65a60b2b10c13ed4bf822a41503b3af013e0b04074a2d3a386f76ca0b66d
SSDeep: 384:xH/blj8k1K+MbsCE4o06xSJzdvlI1bS4mHbrqA:xH/blj8kczjscdvS1bSpaA
False
\\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 91.39 KB MD5: 60c47324dc4a7d2b820139c333cb800b
SHA1: dbe9c6a2230acb500738913d250fa463296c2b64
SHA256: 6e2b1db0afbbc68a31b4fc58b240f0ae511de011a191f97f71ceeda390a45ec8
SSDeep: 1536:0qmkEorPjbRkko/K1BUPqxznT4OUGcjyabpOtw4A7vtADYjUKuN3MG2mo:xRlbRkkoifZJ0wcjyactWva0AKuNcdmo
False
\\?\C:\588bce7c90097ed212\Extended\UiInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 38.38 KB MD5: 1a6906758f059c8867ada05c1952760c
SHA1: 15c03134bd087e9d2d851a721db3bd565ba90b8b
SHA256: 99712cdd45f4250963d3dc2a7bb31a113a41c0e586f6dd461d328ff08620e11a
SSDeep: 768:TaffDGZzx0uBPU0GVv9tK/0pTnho26e73/Qu4F8+8rwtfTJ1yO:G3CtynVv9tKEueDou+8RrwZTJ9
False
\\?\C:\588bce7c90097ed212\header.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix 3.78 KB MD5: 71bbc6f45db4ede5338a15961061a466
SHA1: ebb20f4d9e3fa86fe2defa74f89c44a13b9c4269
SHA256: 15fed5a4031cdb62f34e37ffab8e724d1e67b53f4b4bb0d8d131f0ddaad1f95a
SSDeep: 96:g/JcXfLIBgnvylxifVOkRlM4WfcQ3+GMN5X92PmV3SD:g/Jefrv0iVLl8fg5t8E6
False
\\?\C:\588bce7c90097ed212\ParameterInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 265.92 KB MD5: 38a64547f135d2c493955acd64a93d61
SHA1: baa9d5686ff66e11fd4395f426b88a6e25a2b717
SHA256: 12f5e29ae060d531df4d4bbd0b76378b49599565800a405c5439ac7d431e9c80
SSDeep: 6144:SLyc6DXNUOTYktSePUK1NZgO3r1180GPwwF4/oH:fzzTzV3x1cr4gH
False
\\?\C:\588bce7c90097ed212\SetupUi.xsd.id[B4197730-0001].[costelloh@aol.com].phoenix 29.66 KB MD5: 7e10a6b261ff2414caabcdcceffe3d03
SHA1: 107a445410609640c34ff0a3bae9ea149ba1e9cb
SHA256: b3d3f46145e2caab207f239d46680d11cbdd6d05908d933b3075263f7bd9859f
SSDeep: 768:JO9IcKNU7tt7LsK7V12gQhZO0kKyDLaOF5iVOXxgin1ArC:J2IcKNWT7LR7b2XZFiLaOFqOXxlOC
False
\\?\C:\588bce7c90097ed212\netfx_Core_x64.msi.id[B4197730-0001].[costelloh@aol.com].phoenix 2.56 MB MD5: 4c59b268b2fbe2dba81a0d0b5448594d
SHA1: 3ab59c213ca828350e7a163b29b3d80164d0b9b1
SHA256: ec4c0cd5ca36c305d127ffd36f1b84c1f7e9b8079ce151a958c26f24fcd39620
SSDeep: 24576:nc+BQbPyxbs4rONS5voMfjhOGxTeIaadFi0IxTCsrJDiRk7IphS/+ENWbR/u:ncxisfQxoMLHUuinCsrb7U2s8
False
\\?\C:\588bce7c90097ed212\UiInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 38.24 KB MD5: ecad7f34f7f0bac2b5e30ddca0aa487f
SHA1: 1760f654db70cf707d77d7b39cc1b8f7d457596a
SHA256: f2d38910a27bd7e363c1987570fc6c32093f0b43fec9774d0c1241b19e267dce
SSDeep: 768:kKiargsT8zbEEFoJpcR/vnutIq7IKBbpb+0EfAtfTuFhrgdY:kKBgsT8zbLFFe/+3Ys3rZ
False
\\?\C:\588bce7c90097ed212\Strings.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 14.00 KB MD5: a311d0cc138a3f416d8c2b5664f11365
SHA1: 2edb6262d1d25edab526dcb79e1f0f8707b641bc
SHA256: cfec7d6eb4d625c24a66dd7f9337fb11af4a5e1b774c30422fd3ac476b1e8764
SSDeep: 384:aeeL1+41gY0OtYFkZJ9ReQJn/GMhfXMPefrtUTJ:af+YFvn9sofXTpu
False
\\?\C:\Boot\BOOTSTAT.DAT.id[B4197730-0001].[costelloh@aol.com].phoenix 64.25 KB MD5: fe056fff37e9f3d2039e42355b7b934f
SHA1: a2373d1e175f06e24f140d76211833e4ba4c2411
SHA256: bbea5ea2365dc23ad8e8e1b2d92167297c18c3f5fc69844887b2f45955295882
SSDeep: 1536:yhDQKxG9CBn7idGRxV4kDXENVi+A+U13lHfj7Q69pQ2tQDdalYCUK+of:yRQ6QC80zPENs+UffD9baDdPCNf
False
\\?\C:\588bce7c90097ed212\watermark.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix 101.88 KB MD5: c9a40eb40630ad55186b037e67607f4c
SHA1: 393752c4a2ccbebd43838fd4239b9a5d462b7bac
SHA256: e14c79604b0c2827ff05fa1dffe4e5d166c67e06cb70c1ac6233a43355cc3ce5
SSDeep: 1536:XHN5vc/W1YatIu6Y44ucsV11hsqT/NS4jKeuF24WC9qq2dNiRtBQz6LIMzj:XH3c/W1Yiu3BsqT/sDeQqCqq2WIM3
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 21.85 KB MD5: 0b85fe1f917c477b886b5ae6bb0e96ae
SHA1: 7438a4f73df5a220e95ffee9e58f0ad957f1c1f5
SHA256: f9bfdc0c5f01665973dcd71697a15673cbcad385048efaa5ea381c691ad15aa7
SSDeep: 384:hFl0Yl/vaP54pvANyjxgRT0q1fBfNzJ9E4PQeLBVnnBrBt4dqTbKB3doXwT:hX0Yl6x4pY8jxuT0q1fBt84LLbnnTWdt
False
\\?\C:\BOOTSECT.BAK.id[B4197730-0001].[costelloh@aol.com].phoenix 8.25 KB MD5: 0b0b03aea68711d0cf42011a18bd88f5
SHA1: 14757a42a02013585262f6de038c49403371d29a
SHA256: 8d51fe27f6a5393e05a4d2bdcf5eb062e529df266357e15fac8b8cca2fc7aff9
SSDeep: 192:V7IrHqwpZeRKZl0ptD/lt4V27S4h1FZq+l+SnXsUM0:V7IrHqueeipdlt4s7SwX1jM0
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 20.80 KB MD5: 55fd350277348343647527c01585686b
SHA1: 3c2948901223c44adfd3a95a8872920c529a102f
SHA256: eecdb3f05b21556beb78fbccfc0bea6ea1ad73957c921c3e5cc0979de3291b9e
SSDeep: 384:IWjSRZT6hH81AobnunGw4tXcvkmLiRHGr7pncO0IAID9/9anP/2fjgYYoR:5y16R8RunGLo2x2+iAUU32bZY8
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix 862.22 KB MD5: 1d7bd99587a9fa102039491e8f49f181
SHA1: 0969ddf817c0dbbcda7b25cc615153712bf4e35d
SHA256: 517386fb3443771c17025e71654c3df952ea09bd90f8010d25e1ec1769b6c145
SSDeep: 12288:T4BtmV23/+D2N0uU+em6mZL4hNKNUrLPTZW1mczssRczdavO7BrJIlguFYRgppD4:+9/02Nu+p328WnPFczhcxBd+gGppgX
False
\\?\C:\588bce7c90097ed212\netfx_Core_x86.msi.id[B4197730-0001].[costelloh@aol.com].phoenix 1.11 MB MD5: 136c9536bbfc58fc4d28cac8c1044f2d
SHA1: d2f9ca914a387934b7e39ce7503eb343714e1d5e
SHA256: ac761344c89775539eec247642c7fc3b271778bcd4a310315928235222e54283
SSDeep: 24576:fdQ6lMd1PVy6OJ1hN1Jt9qFqT9l9t+O3xqB63mHnDD1l3:VQ6lMd1POT1CqTr9nx8Nl3
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix 4.27 MB MD5: 461132b28f65437a2e4685a02269b318
SHA1: cdd0a06befb333bdeb14ca37e6948a2bcd001733
SHA256: 158e8fba1228fa4770d0015048cfdcceb41cbeed7a77e3e4525cf1eb714fdf81
SSDeep: 24576:pUphLeZvKErxJPiNusUsWwxF7BJTQlDufC5WnoP/EG+X6w5AYawdGDwDnKmUnDtl:7hJPiAA16DF40WnN4hxEYLV7yiBD
False
\\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 21.85 KB MD5: 34dc5bcef5e94895af2f953164ec7914
SHA1: eb37d10c289f79ef3d1d3522268df6ea22c0842a
SHA256: 7f879427c82e6f3546352c6bf6291ca674ebf56ac9c9de563d344401fdc149e7
SSDeep: 384:xChnq1d3KxPgPrPRcKSRMdy9O4YAMB912rTsTRIEEh6RwOQb4nOUI2qtI6:Ehqv3W1R8+O4YAMB912rTsSV6ieI2+
False
\\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix 862.22 KB MD5: 58800157c700b97465a4b61be9f0451c
SHA1: 74ee77828f5c6a36a569be64456ae586a86a9799
SHA256: 61f0e33af0e340f92ca9fbfb21d266e933509773d377db63fc6aa69504987d1a
SSDeep: 24576:mqHiXLEbvyL8efdgfqmJc709VzRF7pVL/980ddI:8bWyL8efdgymJc4tpJ9pdi
False
\\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi.id[B4197730-0001].[costelloh@aol.com].phoenix 852.27 KB MD5: 7195b148c2e534968368827d1b46467f
SHA1: 77cab3fb0f13d9f506fc09935c716c2a10e33bec
SHA256: 0c58b4ca568aad69d3c2f33a214582ac59500b5b97a4d5878b89e3e244c43723
SSDeep: 24576:PLACX9wVRt5kMxAqkrSTOK77a3KGGEgye:PLAsKBxAnSTO47AKzEgye
False
\\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi.id[B4197730-0001].[costelloh@aol.com].phoenix 484.27 KB MD5: 1a11247bdd62f624c05832334d381389
SHA1: 15ae042b1101534a83ca9e2ee7c29523b1e9e712
SHA256: 93398de4ff6b3d170175e16b44745cbe58a6835d7c40e8d2910559b03ef44304
SSDeep: 12288:TF/ilYDFxtSlHPNpchgy+P7f14RHUGPkITFXcmVuP9u:TI2Pwlj/7fiR0GPkITFs3u
False
\\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 20.80 KB MD5: e51244e18bf7d00e1a70b6a3667a4daa
SHA1: eb9b94c75b3ec5957a5a2e4219ecda0c8ba01ef7
SHA256: 34f3d2cde5f5ff9b0b5f2e7502b890c638fa76c65460852fe43279cb970c0615
SSDeep: 384:2HoeGWwkhoONrLSuzoGelsnb4mc2rZcyxSR6D192qBKE5F9lXX04vX:2HkWwsoONrLR6lsb4mcQSQLeOlpX
False
\\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi.id[B4197730-0001].[costelloh@aol.com].phoenix 180.77 KB MD5: 8b86d6af4ea39012ab6c1397769c08b9
SHA1: 356958dd9bac2888e61bcbd8e46a22b8120656a9
SHA256: 1c692ddeb86c259a6b84f1a69b6752dc2f942095e4e39c4c4f4d74b0adfa6fe8
SSDeep: 3072:c+6WPcJ1bYK72nDuInUQQ4iCj6GFn+/3hyVQx1z91bmaD:c+6WP2NQnVK4E6nMhyVcdCk
False
\\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 21.85 KB MD5: 17f0167d03705bef3f056b16b99c7b91
SHA1: 37bfc9230952f4d5fa069e5f7d7e00e983225531
SHA256: f135554d07caefd28c5a3dd93ee95981923ff664c2a6be74e3551268ff86fef3
SSDeep: 384:WSKhEwUw4Y4nUcXMMjxlbMTuzeskJ90rp8Kt+RgLF/nzg2jFACdxChFy2:7iE1FY4nJXdxlATAnVPzg2jxdxChFy2
False
\\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi.id[B4197730-0001].[costelloh@aol.com].phoenix 92.77 KB MD5: 6d991d8b24b0e7a4945ad179c12b455b
SHA1: e581b33eceafd835d409cad3668947a6b682e7d9
SHA256: e7852e455c1edfeea54e9f35f4d6cb446c2c43c3966ceeba29d2e79325010ccd
SSDeep: 1536:8+V2wIOAwgWquZc3jdluDRmom6xztlP6awXhhQ2g+dCNJYEmJJtyHGuSxytB+pn1:txIjoDZc3jdcRmd807MJYE8bx+BSsiF9
False
\\?\C:\588bce7c90097ed212\Setup.exe.id[B4197730-0001].[costelloh@aol.com].phoenix 76.56 KB MD5: 59243dd59473f83d82aa15308f798289
SHA1: e73e6420e0643e5d9e82ab8029800b67dad949ff
SHA256: 677b286c7d6558453a64c8d395ecde5470b3cb862fd3dcedba886d3aa467f150
SSDeep: 1536:Z+D4qsdThG0aoXp44XcaBjS8jQbNWNxQGbnWbv46GZCAsp5fbnxI:8sdlGBup4yv4Fbi+GbnWbv4vQAynxI
False
\\?\C:\588bce7c90097ed212\SetupEngine.dll.id[B4197730-0001].[costelloh@aol.com].phoenix 788.58 KB MD5: a1c4a3ea5be43f84ec66091a5c394fb2
SHA1: dc85fa671ca952d6db9c7ee0226725e77d3fe564
SHA256: 44e9c5eac3f5783ac48f0724a03abe924f172be35627adef6be57ef3832e2f3e
SSDeep: 24576:NPfNZUBpqhVhf5lCwG07a9tJucQGtgmlr:NPfNZUB6QwGgVyFN
False
\\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix 862.22 KB MD5: ce5d3651f3be8651e5398ac68e5094f7
SHA1: ecba029205b27b0b20ae84e9f6f67c4f608a66b1
SHA256: 2c871f1db6fe343589750ba720e7dd717b9ffa49a6fef55c63fe994188f93037
SSDeep: 24576:7wLU45lzxTHfmx/H3aaJmvY8eF8IVP/av6V:7W5pxjfmXlg8BVP/M6V
False
\\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 20.80 KB MD5: e9324ab5f8ebcaeb888ab02f880a5745
SHA1: 6149b40d1500d671adaf57eb80070e608b66be6e
SHA256: baf646538d8d798dd007da1226bffad2532c78ab7502323e23003ebec03a78d8
SSDeep: 384:1kYykC3Fe+ZdpMu8BJZ5tk5hICOcDTojpFoEzsIfjS0:iYykC3ZdKuCJDVDcDT2pFoEVfu0
False
\\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix 4.27 MB MD5: bf0eac4bbc8f24f0dbc8487204958775
SHA1: 958b35dabed208c3c89e20f70bc5b10059d05af6
SHA256: 95d1a7709015e5e715e844009271598d3e90bb12493cc49a0b3e03bf09ac821e
SSDeep: 24576:lLphZeZvKErxJPiNunUsWwk48BJTQAkufl5W4oP/EG+X6w5AYawdGKQQh5u8wLUb:2hJPiALKLki4fKDhIpiN2cVY7I
False
\\?\C:\588bce7c90097ed212\SetupUi.dll.id[B4197730-0001].[costelloh@aol.com].phoenix 288.58 KB MD5: 6a83c7b98af03e9a1e9d31b03b24b0ed
SHA1: 6052078c6421c57a21ad2f1ae0c35200f73fb0cb
SHA256: 1f24523f54965ac9a4f911367db92ed4f7acf429cf075539bf6e08c7a67a0a7f
SSDeep: 6144:5rR1tsePqGXxx4W4DoDH0lcOx+eC28WDz9HrZ1x:5Fnsy/4W4DoE6EHprnx
False
\\?\C:\588bce7c90097ed212\SetupUtility.exe.id[B4197730-0001].[costelloh@aol.com].phoenix 94.10 KB MD5: 8cd5e471ac7720240112b3aebbee5387
SHA1: eb970dd6981148e7fcec0e7e0f34fbe83489a0c3
SHA256: d16e45c9b925380404a1b676937a592beb47a510f65734e0c57ead26654bddd3
SSDeep: 1536:EHYxeNkziIzyO2ChBC7AtX1OYlDg3DgSN2RCo6osKt5bncQUA3jOh1Ln3/rZu8vj:kYx0kz5C2c7k1PDg3DgSN9HT65l3y1Ld
False
\\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix 4.27 MB MD5: 33fbb58d0028d904d404e9258255f1e9
SHA1: 04f2a5023d1d3d16534ddb58d32d8458e8ac1477
SHA256: cd9e3078b23562ecfb6f4da1efa5f3449e52e8ececb32f45be418f53e92fdf2c
SSDeep: 24576:FVph0e2vKErcJsifUnU5W8ns4B1SJGpufrxWVoP/EG+X6w5AYawdGkoHeDCMcu0I:TjJsi8i/rpwgOkb0ctDWkrpp
False
\\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 2.19 KB MD5: c63b01dfe958d3ed39c3057e906a7b77
SHA1: 0fb9c285d2373766292f94711836cf4743cf2530
SHA256: 7d049ee1d84d23ca89e772cbe619109135cd7f468f581279782f602b13565ee4
SSDeep: 48:3D9RK0xi9NwLiK35hWdUq2w8OBzxsq9NnZxmvcQYHz:T9RK0xcwfhLw8OVxzjnZxOcQS
False
\\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 2.19 KB MD5: a889f43e10aa90ba6edb3257db9783f9
SHA1: 3b6af272a84f60ee448cf7833159c4df18d61dee
SHA256: bb09eb7aa318bcd89d07d9042b0dc2d8de0f3ee6317b7415cc16f3048032d862
SSDeep: 48:mSf2QQXgif69F7d59lg+cveo9q7ka3FreNXUfEq5hYHz:Nif+7dC+cL3SFrv8SS
False
\\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 898 bytes MD5: ca641208fcd51a6331cebae993d33d75
SHA1: cc1b07c11a95bc1c71d1f8ebd91585e42cea702f
SHA256: 9d06796ead402e010691fb13e66ee4e971c34cb3a9943002fc0a464859edf4b2
SSDeep: 24:74/gjexR3V0LqdJ9iFWmTOmACn+H9yKYHD:7pjexELqViFWBCnWpYHD
False
\\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 6.42 MB MD5: fd7d80258705d3ebbcabc14d58a74659
SHA1: e935f432f84ccaba39c661294cfd1ad6e71df0f8
SHA256: 18a2d89f339899c6e364bb01aab5cd7d7f14dc3c27779325994a8ce85556fc8c
SSDeep: 24576:54vzz1Y5Zj9Y6AOwaWVNWWHHzRu1k/L9chbUF/Tx7mWqn3gVtiBwGFwRusBwlNSw:5qk3NIX3NIIaOctBnTPTBn0GHP
False
\\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 1.61 KB MD5: e0746743e06ddd8d10475d5480c53154
SHA1: 3209650427a065461c3122182df2b0139d609b43
SHA256: 08172062e3a339c27b20d935eecf4ace9e0dc71cc6bcce3cdb0ed24771a6bd33
SSDeep: 24:JuVeCDmEdhNr1QBZmrI7clyks2uHwLw4TFbEiuBmInTAZHsd+oOxkbKfgJy+vNhT:JPOdQBZmr6clFuHqFbnMcGbGgM+vyYHz
False
\\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 898 bytes MD5: e4e8e949065fa3f50740d6c0774818fc
SHA1: 03c593f0620b34af2679bf70cbed272cf480d62d
SHA256: a23b496cab1ad4899cdfef9ebfac47e56178f88b33729e3649a40e9ec6a55136
SSDeep: 12:j8BcAR0tSE5aszJS27buc31LkTQ3oROKcfOlexXka6A5yi0IH60dHEg+IDwutKYj:oBz0IEbR1LeQYoD72U59QuHEdIDhKYHD
False
\\?\C:\588bce7c90097ed212\sqmapi.dll.id[B4197730-0001].[costelloh@aol.com].phoenix 141.28 KB MD5: 264d23b3db1d86072029312204983704
SHA1: a847f8770d3565374c820fb1719fb1f8108861a4
SHA256: 631fbb961da31bb8b1ab178c89c17fe308a01aa5ba522c1057092daee1d133e8
SSDeep: 3072:djOAvt8oCVDMcpxEnJvyHX5fXmZ3CVlbaeXjK8Ho2Vr:ZOAvqppGiXEZ3C3bp2gB
False
\\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 4.31 MB MD5: eed90c440da06d4098e7a61f48a7ccbc
SHA1: 6ae5451aeff47680858d2e4ab1595361c44ef357
SHA256: fa68782de25b484fa0bdac1966b52eb442888629439cdf23ac06e2ff9b1b06bf
SSDeep: 24576:mHFf9nS3h99YuyqO2ymtHspR5pbgF+vvmWkrWHT5ZbyYnplshheL+cLYl5Sz9XW5:mocBwONUwON7qkrf2aHLeVNyrQ0u2dd
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 2.63 MB MD5: 70c136b6560e13498bf2360c2990c4bb
SHA1: 7f9cd781a9612ca335f80b21eea1a38d27a86dfd
SHA256: 690c74646a3e896d4493926f4184c8542a3d7e127795eed30f5186fd89794f21
SSDeep: 24576:LV+T8DOITNqJuJEFJUcAXPZOhQqGQ71rUfgSRgszT:Q8dmn+EhY/DT
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix 1.03 MB MD5: d5e802b1852914d4a67c9c98f5e93539
SHA1: 0149bc3ca3cac309fe64c125dc82d4890c3b6c61
SHA256: 2f75c28752cef8b4604407c9cdf030e32158b97233a74d1b647d4251a6fe5116
SSDeep: 24576:wAEgjlVXk+PTANd+VFAY76varVl47yNPYd2gqAYxOANjm:REghwdMF36vaxPPQ3+nw
False
\\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 23.08 KB MD5: bbc9cac66daae98d21ba30cc95374bd2
SHA1: 99c983e226d8062a44a2c0c5f43def29c6275571
SHA256: 33fc8dea47fe979a0bd101b3a4796694205bc7f962d70c233f9fc3a0d5c5e5d7
SSDeep: 384:BAoys6IRJnBaJz+IP6ewDtL5SOcWl5YPT0xSgo/QTPwHrfzKXqiKzpiBl8ZQEUFW:BAoyJIRiiIP6ewpLcOcBb0Do/QT4LVTd
False
Host Behavior
File (1579)
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\preoobe.cmd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\preoobe.cmd desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$GetCurrent\SafeOS\preoobe.cmd.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\$WINRE_BACKUP_PARTITION.MARKER desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1028\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1025\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1029\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\588bce7c90097ed212\1030\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1031\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1031\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1031\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1025\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1025\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1025\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1028\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1028\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1028\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1032\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1032\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1032\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1033\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1033\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1033\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1035\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1035\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1035\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1036\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1036\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1036\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1037\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1037\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1037\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1038\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1038\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1038\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1029\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1029\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1029\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1030\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1030\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1030\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1031\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1031\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1031\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1032\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1032\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1032\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1040\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1040\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1040\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1041\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1041\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1041\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1042\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1042\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1042\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1043\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1043\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1043\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1044\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1044\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1044\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1033\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1033\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1033\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1045\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1045\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1045\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1046\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1046\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1046\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1035\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1035\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1035\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1049\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1049\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1049\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1036\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1036\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1036\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1053\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1053\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1053\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1055\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1055\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1055\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1037\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1037\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1037\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1038\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1038\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1038\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1040\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1040\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1040\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1041\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1041\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1041\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1042\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1042\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1042\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1043\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1043\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1043\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\2052\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\2052\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\2052\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\2070\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\2070\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\2070\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1044\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1044\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1044\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1045\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1045\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1045\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\3076\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\3076\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\3076\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1046\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1046\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1046\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\3082\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\3082\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\3082\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1049\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1049\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1049\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\DisplayIcon.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\DisplayIcon.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\DisplayIcon.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Print.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Print.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Print.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1053\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1053\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1053\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1055\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1055\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1055\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\2052\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\2052\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\2052\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Save.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Save.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Save.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Setup.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Setup.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\Setup.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\stop.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\stop.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\stop.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\2070\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\2070\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\2070\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\warn.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Graphics\warn.ico desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Graphics\warn.ico.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\netfx_Core.mzz desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\netfx_Core.mzz.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\3076\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\3076\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\3076\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\3082\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\3082\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\3082\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Client\UiInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Client\UiInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Client\UiInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\DHtmlHeader.html desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\DHtmlHeader.html desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\DHtmlHeader.html.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\header.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\header.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\header.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\ParameterInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\ParameterInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\ParameterInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\SetupUi.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\SetupUi.xsd desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\SetupUi.xsd.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\SplashScreen.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\SplashScreen.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\SplashScreen.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Strings.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Strings.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Strings.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\UiInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\UiInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\UiInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\watermark.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\Boot\BOOTSTAT.DAT desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\BOOTSTAT.DAT desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Boot\BOOTSTAT.DAT.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\watermark.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\watermark.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\BOOTSECT.BAK desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\BOOTSECT.BAK desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\BOOTSECT.BAK.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\netfx_Extended.mzz desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\netfx_Extended.mzz.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\Setup.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Setup.exe desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Setup.exe.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\SetupEngine.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\SetupEngine.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\SetupEngine.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\SetupUi.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\SetupUi.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\SetupUi.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\SetupUtility.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\SetupUtility.exe desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\SetupUtility.exe.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\588bce7c90097ed212\sqmapi.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\sqmapi.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\sqmapi.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log type = size, size_out = 42674 True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log type = size, size_out = 6004 True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd type = size, size_out = 577 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd type = size, size_out = 144072 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log type = size, size_out = 40 True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini type = size, size_out = 156 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd type = size, size_out = 74 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\preoobe.cmd type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\preoobe.cmd.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd type = size, size_out = 307 True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd type = file_attributes True 1
Fn
Get Info \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$WINRE_BACKUP_PARTITION.MARKER type = size, size_out = 0 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\SetupResources.dll type = size, size_out = 14168 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\SetupResources.dll type = size, size_out = 17240 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini type = size, size_out = 129 True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini type = file_attributes True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini type = size, size_out = 129 True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini type = file_attributes True 1
Fn
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\eula.rtf type = size, size_out = 7567 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml type = size, size_out = 74214 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\eula.rtf type = size, size_out = 6309 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml type = size, size_out = 60816 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\SetupResources.dll type = size, size_out = 19288 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\SetupResources.dll type = size, size_out = 17240 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\SetupResources.dll type = size, size_out = 16728 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\eula.rtf type = size, size_out = 3726 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml type = size, size_out = 80970 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\eula.rtf type = size, size_out = 3314 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml type = size, size_out = 77748 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\eula.rtf type = size, size_out = 3419 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml type = size, size_out = 82346 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\eula.rtf type = size, size_out = 8876 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\SetupResources.dll type = size, size_out = 15704 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\SetupResources.dll type = size, size_out = 15192 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml type = size, size_out = 86284 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\SetupResources.dll type = size, size_out = 19288 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\SetupResources.dll type = size, size_out = 17752 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\eula.rtf type = size, size_out = 3188 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml type = size, size_out = 77232 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\eula.rtf type = size, size_out = 3702 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml type = size, size_out = 77022 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\SetupResources.dll type = size, size_out = 18264 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\eula.rtf type = size, size_out = 3526 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\SetupResources.dll type = size, size_out = 17752 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml type = size, size_out = 82962 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\SetupResources.dll type = size, size_out = 17752 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\eula.rtf type = size, size_out = 6851 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml type = size, size_out = 72076 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\eula.rtf type = size, size_out = 4254 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml type = size, size_out = 86442 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\eula.rtf type = size, size_out = 3643 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml type = size, size_out = 80060 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\eula.rtf type = size, size_out = 10125 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml type = size, size_out = 68226 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\eula.rtf type = size, size_out = 12687 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml type = size, size_out = 65238 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml type = size, size_out = 79634 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml type = size, size_out = 3546 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1043\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\SetupResources.dll type = size, size_out = 14168 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\eula.rtf type = size, size_out = 3046 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml type = size, size_out = 79296 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\eula.rtf type = size, size_out = 4040 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\SetupResources.dll type = size, size_out = 14168 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3076\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml type = size, size_out = 82374 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\eula.rtf type = size, size_out = 3683 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml type = size, size_out = 80738 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\SetupResources.dll type = size, size_out = 18776 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\SetupResources.dll type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\3082\SetupResources.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\eula.rtf type = size, size_out = 54456 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml type = size, size_out = 81482 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\DisplayIcon.ico type = size, size_out = 88533 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\DisplayIcon.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\DisplayIcon.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Print.ico type = size, size_out = 1150 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Print.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Print.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\eula.rtf type = size, size_out = 3865 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml type = size, size_out = 77680 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\eula.rtf type = size, size_out = 3859 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml type = size, size_out = 76818 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\eula.rtf type = size, size_out = 5827 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\eula.rtf type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico type = size, size_out = 894 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = size, size_out = 1150 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Save.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Save.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml type = size, size_out = 60684 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Setup.ico type = size, size_out = 36710 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Setup.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\Setup.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\stop.ico type = size, size_out = 10134 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\stop.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\stop.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico type = size, size_out = 1150 True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico type = file_attributes True 1
Fn
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\588bce7c90097ed212\2070\eula.rtf type = size, size_out = 4015 True 1
Get Info \\?\C:\588bce7c90097ed212\2070\eula.rtf type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\2070\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico type = size, size_out = 1150 True 1
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml type = size, size_out = 80254 True 1
Get Info \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\Graphics\warn.ico type = size, size_out = 10134 True 1
Get Info \\?\C:\588bce7c90097ed212\Graphics\warn.ico type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Graphics\warn.ico.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Core.mzz type = size, size_out = 181483595 True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Core.mzz type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\3076\eula.rtf type = size, size_out = 6309 True 1
Get Info \\?\C:\588bce7c90097ed212\3076\eula.rtf type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\3076\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi type = size, size_out = 1901056 True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml type = size, size_out = 60816 True 1
Get Info \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\3082\eula.rtf type = size, size_out = 3069 True 1
Get Info \\?\C:\588bce7c90097ed212\3082\eula.rtf type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\3082\eula.rtf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml type = size, size_out = 79996 True 1
Get Info \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml type = size, size_out = 201796 True 1
Get Info \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\Client\UiInfo.xml type = size, size_out = 39042 True 1
Get Info \\?\C:\588bce7c90097ed212\Client\UiInfo.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Client\UiInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\DHtmlHeader.html type = size, size_out = 16118 True 1
Get Info \\?\C:\588bce7c90097ed212\DHtmlHeader.html type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\DHtmlHeader.html.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml type = size, size_out = 93314 True 1
Get Info \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml type = size, size_out = 39050 True 1
Get Info \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\header.bmp type = size, size_out = 3628 True 1
Get Info \\?\C:\588bce7c90097ed212\header.bmp type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\header.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\ParameterInfo.xml type = size, size_out = 272046 True 1
Get Info \\?\C:\588bce7c90097ed212\ParameterInfo.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\ParameterInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\SetupUi.xsd type = size, size_out = 30120 True 1
Get Info \\?\C:\588bce7c90097ed212\SetupUi.xsd type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\SetupUi.xsd.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\SplashScreen.bmp type = size, size_out = 41080 True 1
Get Info \\?\C:\588bce7c90097ed212\SplashScreen.bmp type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\SplashScreen.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\Strings.xml type = size, size_out = 14084 True 1
Get Info \\?\C:\588bce7c90097ed212\Strings.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Strings.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\UiInfo.xml type = size, size_out = 38898 True 1
Get Info \\?\C:\588bce7c90097ed212\UiInfo.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\UiInfo.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\BOOTSTAT.DAT type = size, size_out = 65536 True 1
Get Info \\?\C:\Boot\BOOTSTAT.DAT type = file_attributes True 1
Get Info \\?\C:\Boot\BOOTSTAT.DAT.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\watermark.bmp type = size, size_out = 104072 True 1
Get Info \\?\C:\588bce7c90097ed212\watermark.bmp type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\watermark.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi type = size, size_out = 1163264 True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\BOOTSECT.BAK type = size, size_out = 8192 True 1
Get Info \\?\C:\BOOTSECT.BAK type = file_attributes True 1
Get Info \\?\C:\BOOTSECT.BAK.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b type = size, size_out = 4662 True 1
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b type = file_attributes True 1
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml type = size, size_out = 22095 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat type = size, size_out = 882628 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml type = size, size_out = 21009 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat type = size, size_out = 3688458 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended.mzz type = size, size_out = 43131591 True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended.mzz type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml type = size, size_out = 22095 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi type = size, size_out = 872448 True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat type = size, size_out = 882628 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi type = size, size_out = 495616 True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml type = size, size_out = 21009 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi type = size, size_out = 184832 True 1
Get Info \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat type = size, size_out = 3688458 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml type = size, size_out = 22095 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi type = size, size_out = 94720 True 1
Get Info \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat type = size, size_out = 882628 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\Setup.exe type = size, size_out = 78152 True 1
Get Info \\?\C:\588bce7c90097ed212\Setup.exe type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Setup.exe.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\SetupEngine.dll type = size, size_out = 807256 True 1
Get Info \\?\C:\588bce7c90097ed212\SetupEngine.dll type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\SetupEngine.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\SetupUi.dll type = size, size_out = 295248 True 1
Get Info \\?\C:\588bce7c90097ed212\SetupUi.dll type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\SetupUi.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml type = size, size_out = 21009 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat type = size, size_out = 3688458 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\SetupUtility.exe type = size, size_out = 96088 True 1
Get Info \\?\C:\588bce7c90097ed212\SetupUtility.exe type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\SetupUtility.exe.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml type = size, size_out = 1974 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\sqmapi.dll type = size, size_out = 144416 True 1
Get Info \\?\C:\588bce7c90097ed212\sqmapi.dll type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\sqmapi.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml type = size, size_out = 1972 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml type = size, size_out = 1382 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml type = size, size_out = 614 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml type = size, size_out = 5944055 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml type = size, size_out = 614 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml type = size, size_out = 3729832 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu type = size, size_out = 5198099 True 1
Get Info \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml type = size, size_out = 23532 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\MasterDescriptor.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml type = size, size_out = 1965927 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat type = size, size_out = 1083027 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml type = size, size_out = 23345 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\MasterDescriptor.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu type = size, size_out = 2192672 True 1
Get Info \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml type = size, size_out = 8260188 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml type = file_attributes True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat type = size, size_out = 4590407 True 1
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat type = file_attributes True 1
Open STD_INPUT_HANDLE - True 1
Open STD_OUTPUT_HANDLE - True 1
Open STD_ERROR_HANDLE - True 1
Copy C:\Users\FD1HVy\AppData\Local\costelloh.exe source_filename = C:\Users\FD1HVy\Desktop\costelloh.exe True 1
Copy c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\costelloh.exe source_filename = C:\Users\FD1HVy\Desktop\costelloh.exe False 1
Copy c:\programdata\microsoft\windows\start menu\programs\startup\costelloh.exe source_filename = C:\Users\FD1HVy\Desktop\costelloh.exe True 1
Move \\?\C:\588bce7c90097ed212\netfx_Core.mzz.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\netfx_Core.mzz True 1
Move \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi True 1
Move \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat True 1
Move \\?\C:\588bce7c90097ed212\netfx_Extended.mzz.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\netfx_Extended.mzz True 1
Move \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat True 1
Move \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat True 1
Move \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml True 1
Move \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml True 1
Move \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu True 1
Move \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.Platform.Culture.man.xml True 1
Move \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu True 1
Move \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.Platform.x-none.man.xml True 1
Move \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat True 1
Read \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log size = 1114368, size_out = 6004 True 1
Read \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log size = 1114368, size_out = 42674 True 1
Read \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log size = 1114368, size_out = 40 True 1
Read \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll size = 1114368, size_out = 144072 True 1
Read \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd size = 1114368, size_out = 577 True 1
Read \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini size = 1114368, size_out = 156 True 1
Read \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd size = 1114368, size_out = 307 True 1
Read \\?\C:\$GetCurrent\SafeOS\preoobe.cmd size = 1114368, size_out = 74 True 1
Read \\?\C:\588bce7c90097ed212\1028\SetupResources.dll size = 1114368, size_out = 14168 True 1
Read \\?\C:\588bce7c90097ed212\1025\SetupResources.dll size = 1114368, size_out = 17240 True 1
Read \\?\C:\588bce7c90097ed212\1030\SetupResources.dll size = 1114368, size_out = 18264 True 1
Read \\?\C:\588bce7c90097ed212\1031\SetupResources.dll size = 1114368, size_out = 18776 True 1
Read \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini size = 1114368, size_out = 129 True 1
Read \\?\C:\588bce7c90097ed212\1025\eula.rtf size = 1114368, size_out = 7567 True 1
Read \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini size = 1114368, size_out = 129 True 1
Read \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml size = 1114368, size_out = 74214 True 1
Read \\?\C:\588bce7c90097ed212\1028\eula.rtf size = 1114368, size_out = 6309 True 1
Read \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml size = 1114368, size_out = 60816 True 1
Read \\?\C:\588bce7c90097ed212\1029\SetupResources.dll size = 1114368, size_out = 18264 True 1
Read \\?\C:\588bce7c90097ed212\1032\SetupResources.dll size = 1114368, size_out = 19288 True 1
Read \\?\C:\588bce7c90097ed212\1033\SetupResources.dll size = 1114368, size_out = 17240 True 1
Read \\?\C:\588bce7c90097ed212\1035\SetupResources.dll size = 1114368, size_out = 18264 True 1
Read \\?\C:\588bce7c90097ed212\1037\SetupResources.dll size = 1114368, size_out = 16728 True 1
Read \\?\C:\588bce7c90097ed212\1036\SetupResources.dll size = 1114368, size_out = 18776 True 1
Read \\?\C:\588bce7c90097ed212\1038\SetupResources.dll size = 1114368, size_out = 18776 True 1
Read \\?\C:\588bce7c90097ed212\1029\eula.rtf size = 1114368, size_out = 3726 True 1
Read \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml size = 1114368, size_out = 80970 True 1
Read \\?\C:\588bce7c90097ed212\1030\eula.rtf size = 1114368, size_out = 3314 True 1
Read \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml size = 1114368, size_out = 77748 True 1
Read \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml size = 1114368, size_out = 82346 True 1
Read \\?\C:\588bce7c90097ed212\1031\eula.rtf size = 1114368, size_out = 3419 True 1
Read \\?\C:\588bce7c90097ed212\1032\eula.rtf size = 1114368, size_out = 8876 True 1
Read \\?\C:\588bce7c90097ed212\1040\SetupResources.dll size = 1114368, size_out = 18264 True 1
Read \\?\C:\588bce7c90097ed212\1041\SetupResources.dll size = 1114368, size_out = 15704 True 1
Read \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml size = 1114368, size_out = 86284 True 1
Read \\?\C:\588bce7c90097ed212\1042\SetupResources.dll size = 1114368, size_out = 15192 True 1
Read \\?\C:\588bce7c90097ed212\1043\SetupResources.dll size = 1114368, size_out = 19288 True 1
Read \\?\C:\588bce7c90097ed212\1033\eula.rtf size = 1114368, size_out = 3188 True 1
Read \\?\C:\588bce7c90097ed212\1044\SetupResources.dll size = 1114368, size_out = 17752 True 1
Read \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml size = 1114368, size_out = 77232 True 1
Read \\?\C:\588bce7c90097ed212\1045\SetupResources.dll size = 1114368, size_out = 18264 True 1
Read \\?\C:\588bce7c90097ed212\1046\SetupResources.dll size = 1114368, size_out = 18264 True 1
Read \\?\C:\588bce7c90097ed212\1035\eula.rtf size = 1114368, size_out = 3702 True 1
Read \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml size = 1114368, size_out = 77022 True 1
Read \\?\C:\588bce7c90097ed212\1036\eula.rtf size = 1114368, size_out = 3526 True 1
Read \\?\C:\588bce7c90097ed212\1049\SetupResources.dll size = 1114368, size_out = 18264 True 1
Read \\?\C:\588bce7c90097ed212\1053\SetupResources.dll size = 1114368, size_out = 17752 True 1
Read \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml size = 1114368, size_out = 82962 True 1
Read \\?\C:\588bce7c90097ed212\1055\SetupResources.dll size = 1114368, size_out = 17752 True 1
Read \\?\C:\588bce7c90097ed212\1037\eula.rtf size = 1114368, size_out = 6851 True 1
Read \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml size = 1114368, size_out = 72076 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1038\eula.rtf size = 1114368, size_out = 4254 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml size = 1114368, size_out = 86442 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1040\eula.rtf size = 1114368, size_out = 3643 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml size = 1114368, size_out = 80060 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1041\eula.rtf size = 1114368, size_out = 10125 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml size = 1114368, size_out = 68226 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1042\eula.rtf size = 1114368, size_out = 12687 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml size = 1114368, size_out = 65238 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1043\eula.rtf size = 1114368, size_out = 3546 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml size = 1114368, size_out = 79634 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\2052\SetupResources.dll size = 1114368, size_out = 14168 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\2070\SetupResources.dll size = 1114368, size_out = 18776 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1044\eula.rtf size = 1114368, size_out = 3046 True 1
Fn
Data
Read \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml size = 1114368, size_out = 79296 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix size = 144 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix size = 242 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix size = 144 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix size = 242 True 1
Fn
Data
Delete \\?\C:\588bce7c90097ed212\1046\eula.rtf - True 1
Fn
For performance reasons, the remaining 539 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (20)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 41030496, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 41030560, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 115, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 41030832, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 192, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run value_name = costelloh, data = C:\Users\FD1HVy\AppData\Local\costelloh.exe, size = 86, type = REG_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = costelloh, data = C:\Users\FD1HVy\AppData\Local\costelloh.exe, size = 86, type = REG_SZ True 1
Fn
Process (4)
Operation Process Additional Information Success Count Logfile
Create C:\Users\FD1HVy\Desktop\costelloh.exe os_pid = 0x8f4, show_window = SW_HIDE True 1
Fn
Create C:\WINDOWS\system32\cmd.exe os_pid = 0xdcc, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create C:\WINDOWS\system32\cmd.exe os_pid = 0xbec, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Open c:\windows\explorer.exe desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Module (33)
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 12
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x761b0000 True 1
Fn
Get Filename - process_name = c:\users\fd1hvy\desktop\costelloh.exe, file_name_orig = C:\Users\FD1HVy\Desktop\costelloh.exe, size = 260 True 7
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x75ea4ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x75ea4b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x75ea4b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x75ea4b00 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 True 7
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CreateProcessWithTokenW, address_out = 0x761c0c70 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x75ea6b50 True 1
Fn
System (56)
Operation Additional Information Success Count Logfile
Sleep duration = 5000 milliseconds (5.000 seconds) True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 52
Fn
Get Time type = Ticks, time = 141312 True 1
Fn
Get Info type = Operating System True 2
Fn
Mutex (41)
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773000 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773000 True 1
Fn
Create mutex_name = Global\0001B419773000 True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE False 3
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 5
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 5
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\0001B419773000 True 1
Fn
Release mutex_name = Global\0001B419773000 True 1
Fn
Release mutex_name = Global\0001B419773000 True 1
Fn
Environment (1)
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #2: costelloh.exe
116 0
Information Value
ID #2
File Name c:\users\fd1hvy\desktop\costelloh.exe
Command Line "C:\Users\FD1HVy\Desktop\costelloh.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:00:51, Reason: Child Process
Unmonitor End Time: 00:04:28, Reason: Terminated by Timeout
Monitor Duration 00:03:37
OS Process Information
Information Value
PID 0x8f4
Parent PID 0x39c (c:\users\fd1hvy\desktop\costelloh.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x260
0x504
0x474
0xF08
0xD8C
0xEAC
0xE80
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
costelloh.exe 0x01210000 0x01225FFF Relevant Image - 32-bit - False False
Dropped Files
Filename File Size Hash Values YARA Match Actions
C:\Users\FD1HVy\Desktop\costelloh.exe 71.00 KB MD5: 0f1a299cab0a4c43e9dcf5617b22042f
SHA1: aafe3ca9cf265d56eb273514335f1f3d392811dc
SHA256: c32e2cc11f4ff70164a316bbb62771b8b8c48561822f7ea016237a6a5fd0f169
SSDeep: 1536:5FOPbkyoTwtPto0Rl0DsN9/zLec5oGFACZrqdKbNYdRmHC2nap6P:5YPxAwtPtoe/zLaGmCZrqcbSjm1ap6P
False
Host Behavior
File (6)
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Copy C:\Users\FD1HVy\AppData\Local\costelloh.exe source_filename = C:\Users\FD1HVy\Desktop\costelloh.exe True 1
Fn
Copy c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\costelloh.exe source_filename = C:\Users\FD1HVy\Desktop\costelloh.exe True 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\costelloh.exe source_filename = C:\Users\FD1HVy\Desktop\costelloh.exe False 1
Fn
Registry (19)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 10556256, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 10556320, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 115, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 10556592, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 192, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value_name = costelloh, data = C:\Users\FD1HVy\AppData\Local\costelloh.exe, size = 86, type = REG_SZ True 1
Fn
Module (13)
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 3
Fn
Get Filename - process_name = c:\users\fd1hvy\desktop\costelloh.exe, file_name_orig = C:\Users\FD1HVy\Desktop\costelloh.exe, size = 260 True 6
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x75ea4ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x75ea4b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x75ea4b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x75ea4b00 True 1
Fn
System (33)
Operation Additional Information Success Count Logfile
Get Computer Name result_out = NQDPDE True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 29
Fn
Sleep duration = -1 (infinite) False 1
Fn
Get Time type = Ticks, time = 142796 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (33)
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773000 True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 11
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 10
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 3
Fn
Environment (1)
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #3: cmd.exe
240 0
Information Value
ID #3
File Name c:\windows\system32\cmd.exe
Command Line "C:\WINDOWS\system32\cmd.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:55, Reason: Child Process
Unmonitor End Time: 00:04:28, Reason: Terminated by Timeout
Monitor Duration 00:03:32
OS Process Information
Information Value
PID 0xdcc
Parent PID 0x39c (c:\users\fd1hvy\desktop\costelloh.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xA5C
0xFAC
Host Behavior
File (184)
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\FD1HVy\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 11
Fn
Get Info STD_INPUT_HANDLE type = file_type True 5
Fn
Open STD_OUTPUT_HANDLE - True 27
Fn
Open STD_INPUT_HANDLE - True 70
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 59
Fn
Data
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 4
Fn
Data
Write STD_OUTPUT_HANDLE size = 52 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 24 True 2
Fn
Data
Write STD_OUTPUT_HANDLE size = 36 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 23 True 1
Fn
Data
Registry (17)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 4, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (2)
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\vssadmin.exe os_pid = 0xc58, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\WINDOWS\system32\vssadmin.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (1)
Operation Process Additional Information Success Count Logfile
Read C:\WINDOWS\system32\vssadmin.exe address = 693631676416, size = 1952 True 1
Fn
Data
Module (10)
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x7ff931f40000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x7ff7acb20000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x7ff92fdd0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x7ff92fdea990 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7ff92fdee830 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x7ff92fdee300 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x7ff931fe56b0 True 1
Fn
System (1)
Operation Additional Information Success Count Logfile
Get Info type = Operating System True 1
Fn
Environment (23)
Operation Additional Information Success Count Logfile
Get Environment String - True 7
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 3
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 3
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 2
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\FD1HVy\Desktop True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Set Environment String name = =ExitCode, value = 00000002 True 1
Fn
Set Environment String name = =ExitCodeAscii True 1
Fn
Process #4: cmd.exe
189 0
Information Value
ID #4
File Name c:\windows\system32\cmd.exe
Command Line "C:\WINDOWS\system32\cmd.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:56, Reason: Child Process
Unmonitor End Time: 00:04:28, Reason: Terminated by Timeout
Monitor Duration 00:03:31
OS Process Information
Information Value
PID 0xbec
Parent PID 0x39c (c:\users\fd1hvy\desktop\costelloh.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x2AC
0x9E8
Host Behavior
File (140)
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\FD1HVy\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 8
Fn
Get Info STD_INPUT_HANDLE type = file_type True 3
Fn
Open STD_OUTPUT_HANDLE - True 19
Fn
Open STD_INPUT_HANDLE - True 54
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 47
Fn
Data
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 3
Fn
Data
Write STD_OUTPUT_HANDLE size = 52 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 24 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 47 True 1
Fn
Data
Registry (17)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 4, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (2)
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\netsh.exe os_pid = 0x714, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\WINDOWS\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (1)
Operation Process Additional Information Success Count Logfile
Read C:\WINDOWS\system32\netsh.exe address = 674844459008, size = 1952 True 1
Fn
Data
Module (10)
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x7ff931f40000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x7ff7acb20000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x7ff92fdd0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x7ff92fdea990 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7ff92fdee830 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x7ff92fdee300 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x7ff931fe56b0 True 1
Fn
System (1)
Operation Additional Information Success Count Logfile
Get Info type = Operating System True 1
Fn
Environment (16)
Operation Additional Information Success Count Logfile
Get Environment String - True 5
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\FD1HVy\Desktop True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Process #7: netsh.exe
10 0
Information Value
ID #7
File Name c:\windows\system32\netsh.exe
Command Line netsh advfirewall set currentprofile state off
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:01:11, Reason: Child Process
Unmonitor End Time: 00:04:28, Reason: Terminated by Timeout
Monitor Duration 00:03:16
OS Process Information
Information Value
PID 0x714
Parent PID 0xbec (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xFBC
0xE90
Host Behavior
Registry (4)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Module (6)
Operation Module Additional Information Success Count Logfile
Load api-ms-win-appmodel-runtime-l1-1-0.dll base_address = 0x7ff92e3f0000 True 1
Fn
Load IFMON.DLL base_address = 0x7ff911400000 True 1
Fn
Load RASMONTR.DLL - False 1
Fn
Get Handle c:\windows\system32\netsh.exe base_address = 0x7ff605920000 True 2
Fn
Get Address c:\windows\system32\ifmon.dll function = InitHelperDll, address_out = 0x7ff911401310 True 1
Fn
Process #8: vssadmin.exe
0 0
Information Value
ID #8
File Name c:\windows\system32\vssadmin.exe
Command Line vssadmin delete shadows /all /quiet
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:01:11, Reason: Child Process
Unmonitor End Time: 00:04:28, Reason: Terminated by Timeout
Monitor Duration 00:03:16
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0xc58
Parent PID 0xdcc (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x4D0
0xFD4
0xFDC
0xFD0
0xC9C
Process #9: costelloh.exe
1099 0
Information Value
ID #9
File Name c:\users\fd1hvy\appdata\local\costelloh.exe
Command Line "C:\Users\FD1HVy\AppData\Local\costelloh.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:20, Reason: Autostart
Unmonitor End Time: 00:04:28, Reason: Terminated by Timeout
Monitor Duration 00:01:07
OS Process Information
Information Value
PID 0x6c0
Parent PID 0xa40 (Unknown)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x688
0xB54
0xB38
0x25C
0x268
0xA48
0x378
0xA30
0x83C
0xA28
0x3EC
0xCF8
0xCFC
0xD00
0xD04
0xD34
0xD38
0xD3C
0xD40
0xD44
0xD48
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
costelloh.exe 0x01370000 0x01385FFF Relevant Image - 32-bit - False False
Dropped Files
Filename File Size YARA Match Actions
\\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0001].[costelloh@aol.com].phoenix 2.79 MB
False
\\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0001].[costelloh@aol.com].phoenix 5.61 MB
False
\\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.27 KB
False
\\?\C:\Logs\Application.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.27 KB
False
\\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.27 KB
False
\\?\C:\Logs\Key Management Service.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.28 KB
False
\\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB
False
\\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.38 KB
False
\\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB
False
\\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.33 KB
False
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.35 KB
False
\\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.35 KB
False
\\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB
False
\\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 1.00 MB MD5: e8e992973209bb5ab34c31b4df2ccaf6
SHA1: 2eaed51c8c54b684597325f172d441e322c8e37c
SHA256: 6789de486823fd845e6df897cfa1713e1e784099f1e73e601ee83a210bd53c28
SSDeep: 24576:diym8grEa+t2ZecUT2JmuJXGJlWB1lZPq+P4DBb2L5hVan:dio6+20cUTR0XGJWlZPq+P0Bb2DMn
False
Host Behavior
File (863)
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\$WINRE_BACKUP_PARTITION.MARKER desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\BCD desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BCD.LOG1 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG2 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\bootspaces.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bootspaces.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\bootvhd.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bootvhd.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\cs-CZ\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-GB\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-GB\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-MX\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-MX\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\et-EE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\et-EE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\chs_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\cht_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\jpn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\kor_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgunn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgunn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\malgun_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgun_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segmono_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segmono_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segoen_slboot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segoen_slboot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segoe_slboot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segoe_slboot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-CA\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-CA\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hr-HR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hr-HR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\lt-LT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\lt-LT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\lv-LV\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\lv-LV\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nl-NL\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nl-NL\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pl-PL\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pl-PL\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-BR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-BR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\pt-PT\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\pt-PT\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\qps-ploc\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\qps-ploc\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\qps-ploc\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\qps-ploc\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Resources\bootres.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Resources\bootres.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Resources\en-US\bootres.dll.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Resources\en-US\bootres.dll.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ro-RO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ro-RO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ru-RU\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sk-SK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\ru-RU\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sk-SK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sl-SI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sl-SI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sv-SE\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sv-SE\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\tr-TR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\tr-TR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\uk-UA\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\uk-UA\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-CN\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-CN\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-HK\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-HK\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-TW\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-TW\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\bootmgr desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\BOOTNXT desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\hiberfil.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\Logs\Application.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\BOOTNXT desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Logs\HardwareEvents.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\HardwareEvents.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Application.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Application.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Internet Explorer.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Internet Explorer.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Key Management Service.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Key Management Service.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Key Management Service.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini type = size, size_out = 129 True 1
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini type = file_attributes True 1
Get Info \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes True 1
Get Info \\?\C:\$WINRE_BACKUP_PARTITION.MARKER type = size, size_out = 0 True 1
Get Info \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu type = size, size_out = 2141433 True 1
Get Info \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu type = file_attributes True 1
Get Info \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu type = size, size_out = 5091790 True 1
Get Info \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu type = file_attributes True 1
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b type = size, size_out = 4662 True 1
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b type = file_attributes True 1
Get Info \\?\C:\Boot\updaterevokesipolicy.p7b.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\BCD.LOG1 type = size, size_out = 0 True 1
Get Info \\?\C:\Boot\BCD.LOG2 type = size, size_out = 0 True 1
Get Info \\?\C:\Boot\bg-BG\bootmgr.exe.mui type = size, size_out = 77664 True 1
Get Info \\?\C:\Boot\bg-BG\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\bg-BG\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\bootspaces.dll type = size, size_out = 95648 True 1
Get Info \\?\C:\Boot\bootspaces.dll type = file_attributes True 1
Get Info \\?\C:\Boot\bootspaces.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\bootvhd.dll type = size, size_out = 99744 True 1
Get Info \\?\C:\Boot\bootvhd.dll type = file_attributes True 1
Get Info \\?\C:\Boot\bootvhd.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui type = size, size_out = 76632 True 1
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\cs-CZ\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\cs-CZ\memtest.exe.mui type = size, size_out = 45472 True 1
Get Info \\?\C:\Boot\cs-CZ\memtest.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\cs-CZ\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui type = size, size_out = 75616 True 1
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\da-DK\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\da-DK\memtest.exe.mui type = size, size_out = 45472 True 1
Get Info \\?\C:\Boot\da-DK\memtest.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\da-DK\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui type = size, size_out = 79200 True 1
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\de-DE\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\de-DE\memtest.exe.mui type = size, size_out = 45984 True 1
Get Info \\?\C:\Boot\de-DE\memtest.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\de-DE\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui type = size, size_out = 80224 True 1
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\el-GR\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\el-GR\memtest.exe.mui type = size, size_out = 46496 True 1
Get Info \\?\C:\Boot\el-GR\memtest.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\el-GR\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\en-GB\bootmgr.exe.mui type = size, size_out = 74072 True 1
Get Info \\?\C:\Boot\en-GB\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\en-GB\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui type = size, size_out = 74144 True 1
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\en-US\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\en-US\memtest.exe.mui type = size, size_out = 44960 True 1
Get Info \\?\C:\Boot\en-US\memtest.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\en-US\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui type = size, size_out = 77664 True 1
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\es-ES\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\es-ES\memtest.exe.mui type = size, size_out = 45984 True 1
Get Info \\?\C:\Boot\es-ES\memtest.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\es-ES\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\es-MX\bootmgr.exe.mui type = size, size_out = 77664 True 1
Get Info \\?\C:\Boot\es-MX\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\es-MX\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\et-EE\bootmgr.exe.mui type = size, size_out = 75104 True 1
Get Info \\?\C:\Boot\et-EE\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\et-EE\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui type = size, size_out = 76640 True 1
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\fi-FI\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\fi-FI\memtest.exe.mui type = size, size_out = 45472 True 1
Get Info \\?\C:\Boot\fi-FI\memtest.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\fi-FI\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\chs_boot.ttf type = size, size_out = 3695719 True 1
Get Info \\?\C:\Boot\Fonts\chs_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\cht_boot.ttf type = size, size_out = 3878410 True 1
Get Info \\?\C:\Boot\Fonts\cht_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\jpn_boot.ttf type = size, size_out = 1985867 True 1
Get Info \\?\C:\Boot\Fonts\jpn_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\kor_boot.ttf type = size, size_out = 2373000 True 1
Get Info \\?\C:\Boot\Fonts\kor_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\malgunn_boot.ttf type = size, size_out = 174959 True 1
Get Info \\?\C:\Boot\Fonts\malgunn_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\malgunn_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\malgun_boot.ttf type = size, size_out = 177414 True 1
Get Info \\?\C:\Boot\Fonts\malgun_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\malgun_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\meiryon_boot.ttf type = size, size_out = 143754 True 1
Get Info \\?\C:\Boot\Fonts\meiryon_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\meiryon_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\meiryo_boot.ttf type = size, size_out = 145419 True 1
Get Info \\?\C:\Boot\Fonts\meiryo_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\meiryo_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\msjhn_boot.ttf type = size, size_out = 162331 True 1
Get Info \\?\C:\Boot\Fonts\msjhn_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\msjhn_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\msjh_boot.ttf type = size, size_out = 164347 True 1
Get Info \\?\C:\Boot\Fonts\msjh_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\msjh_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\msyhn_boot.ttf type = size, size_out = 154427 True 1
Get Info \\?\C:\Boot\Fonts\msyhn_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\msyhn_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\msyh_boot.ttf type = size, size_out = 156245 True 1
Get Info \\?\C:\Boot\Fonts\msyh_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\msyh_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\segmono_boot.ttf type = size, size_out = 44859 True 1
Get Info \\?\C:\Boot\Fonts\segmono_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\segmono_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\segoen_slboot.ttf type = size, size_out = 85862 True 1
Get Info \\?\C:\Boot\Fonts\segoen_slboot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\segoen_slboot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\segoe_slboot.ttf type = size, size_out = 86178 True 1
Get Info \\?\C:\Boot\Fonts\segoe_slboot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\segoe_slboot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf type = size, size_out = 49091 True 1
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf type = file_attributes True 1
Get Info \\?\C:\Boot\Fonts\wgl4_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\fr-CA\bootmgr.exe.mui type = size, size_out = 79200 True 1
Get Info \\?\C:\Boot\fr-CA\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\fr-CA\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui type = size, size_out = 79192 True 1
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui type = file_attributes True 1
Get Info \\?\C:\Boot\fr-FR\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Get Info \\?\C:\Boot\fr-FR\memtest.exe.mui type = size, size_out = 45984 True 1
Get Info \\?\C:\Boot\fr-FR\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\fr-FR\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\hr-HR\bootmgr.exe.mui type = size, size_out = 76640 True 1
Fn
Get Info \\?\C:\Boot\hr-HR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\hr-HR\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui type = size, size_out = 78688 True 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\hu-HU\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\hu-HU\memtest.exe.mui type = size, size_out = 45976 True 1
Fn
Get Info \\?\C:\Boot\hu-HU\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\hu-HU\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui type = size, size_out = 77144 True 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\it-IT\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\it-IT\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\it-IT\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\it-IT\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui type = size, size_out = 67424 True 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ja-JP\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ja-JP\memtest.exe.mui type = size, size_out = 42904 True 1
Fn
Get Info \\?\C:\Boot\ja-JP\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ja-JP\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui type = size, size_out = 66912 True 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ko-KR\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ko-KR\memtest.exe.mui type = size, size_out = 42912 True 1
Fn
Get Info \\?\C:\Boot\ko-KR\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ko-KR\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\lt-LT\bootmgr.exe.mui type = size, size_out = 75616 True 1
Fn
Get Info \\?\C:\Boot\lt-LT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\lt-LT\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\lv-LV\bootmgr.exe.mui type = size, size_out = 75608 True 1
Fn
Get Info \\?\C:\Boot\lv-LV\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\lv-LV\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\memtest.exe type = size, size_out = 811936 True 1
Fn
Get Info \\?\C:\Boot\memtest.exe type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\memtest.exe.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui type = size, size_out = 75616 True 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nb-NO\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nb-NO\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\nb-NO\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nb-NO\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui type = size, size_out = 78176 True 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nl-NL\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\nl-NL\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\nl-NL\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\nl-NL\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui type = size, size_out = 77656 True 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pl-PL\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pl-PL\memtest.exe.mui type = size, size_out = 45984 True 1
Fn
Get Info \\?\C:\Boot\pl-PL\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pl-PL\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui type = size, size_out = 76640 True 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-BR\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-BR\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\pt-BR\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-BR\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui type = size, size_out = 76640 True 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-PT\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\pt-PT\memtest.exe.mui type = size, size_out = 45984 True 1
Fn
Get Info \\?\C:\Boot\pt-PT\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\pt-PT\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\qps-ploc\bootmgr.exe.mui type = size, size_out = 74080 True 1
Fn
Get Info \\?\C:\Boot\qps-ploc\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\qps-ploc\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\qps-ploc\memtest.exe.mui type = size, size_out = 54168 True 1
Fn
Get Info \\?\C:\Boot\qps-ploc\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\qps-ploc\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Resources\bootres.dll type = size, size_out = 92576 True 1
Fn
Get Info \\?\C:\Boot\Resources\bootres.dll type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Resources\bootres.dll.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\Resources\en-US\bootres.dll.mui type = size, size_out = 12192 True 1
Fn
Get Info \\?\C:\Boot\Resources\en-US\bootres.dll.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\Resources\en-US\bootres.dll.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ro-RO\bootmgr.exe.mui type = size, size_out = 76128 True 1
Fn
Get Info \\?\C:\Boot\ro-RO\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ro-RO\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui type = size, size_out = 77152 True 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ru-RU\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\ru-RU\memtest.exe.mui type = size, size_out = 44960 True 1
Fn
Get Info \\?\C:\Boot\ru-RU\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\ru-RU\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat type = size, size_out = 1083027 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat type = size, size_out = 4590407 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml type = size, size_out = 37360 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml type = size, size_out = 59164 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml type = size, size_out = 16148 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml type = size, size_out = 2042 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml type = size, size_out = 9818 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml type = size, size_out = 236956 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml type = size, size_out = 36720 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml type = size, size_out = 36750 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml type = size, size_out = 6158 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml type = size, size_out = 104348 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml type = size, size_out = 23444 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml type = size, size_out = 27466 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml type = size, size_out = 324596 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml type = size, size_out = 104560 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml type = size, size_out = 2042 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml type = size, size_out = 97084 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml type = size, size_out = 19018 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml type = size, size_out = 1526 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml type = size, size_out = 11048 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml type = size, size_out = 2310 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml type = size, size_out = 11146 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml type = size, size_out = 94612 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml type = size, size_out = 96644 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml type = size, size_out = 720348 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml type = size, size_out = 103844 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml type = size, size_out = 26782 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml type = size, size_out = 32926 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml type = size, size_out = 29766 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml type = size, size_out = 25518 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml type = size, size_out = 24558 True 2
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml type = size, size_out = 2042 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml type = size, size_out = 14132 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml type = size, size_out = 77386 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml type = size, size_out = 731118 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml type = size, size_out = 174846 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml type = size, size_out = 86894 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml type = size, size_out = 986292 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml type = size, size_out = 78078 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml type = size, size_out = 3304 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml type = size, size_out = 3238 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml type = size, size_out = 2913 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png type = size, size_out = 129745 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sk-SK\bootmgr.exe.mui type = size, size_out = 77144 True 1
Fn
Get Info \\?\C:\Boot\sk-SK\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sk-SK\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sl-SI\bootmgr.exe.mui type = size, size_out = 76640 True 1
Fn
Get Info \\?\C:\Boot\sl-SI\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sl-SI\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui type = size, size_out = 77152 True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui type = size, size_out = 44888 True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui type = size, size_out = 77152 True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui type = size, size_out = 76128 True 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sv-SE\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\sv-SE\memtest.exe.mui type = size, size_out = 44952 True 1
Fn
Get Info \\?\C:\Boot\sv-SE\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\sv-SE\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui type = size, size_out = 75096 True 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\tr-TR\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\tr-TR\memtest.exe.mui type = size, size_out = 45472 True 1
Fn
Get Info \\?\C:\Boot\tr-TR\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\tr-TR\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\uk-UA\bootmgr.exe.mui type = size, size_out = 77152 True 1
Fn
Get Info \\?\C:\Boot\uk-UA\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\uk-UA\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui type = size, size_out = 63840 True 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-CN\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-CN\memtest.exe.mui type = size, size_out = 42400 True 1
Fn
Get Info \\?\C:\Boot\zh-CN\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-CN\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui type = size, size_out = 63832 True 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-HK\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-HK\memtest.exe.mui type = size, size_out = 42328 True 1
Fn
Get Info \\?\C:\Boot\zh-HK\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-HK\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui type = size, size_out = 63840 True 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-TW\bootmgr.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Boot\zh-TW\memtest.exe.mui type = size, size_out = 42392 True 1
Fn
Get Info \\?\C:\Boot\zh-TW\memtest.exe.mui type = file_attributes True 1
Fn
Get Info \\?\C:\Boot\zh-TW\memtest.exe.mui.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\bootmgr type = size, size_out = 44488 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\bootmgr type = size, size_out = 395226 True 1
Fn
Get Info \\?\C:\bootmgr type = file_attributes True 1
Fn
Get Info \\?\C:\bootmgr.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\BOOTNXT type = size, size_out = 1 True 1
Fn
Get Info \\?\C:\BOOTNXT type = file_attributes True 1
Fn
Get Info \\?\C:\BOOTNXT.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\BOOTNXT type = size, size_out = 28865 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png type = file_attributes True 1
Fn
Get Info \\?\C:\BOOTNXT type = size, size_out = 39379 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\HardwareEvents.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\HardwareEvents.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Application.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Application.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Application.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Internet Explorer.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Internet Explorer.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Key Management Service.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Key Management Service.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Key Management Service.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx type = size, size_out = 1052672 True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx type = size, size_out = 69632 True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx type = file_attributes True 1
Fn
Get Info \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml type = size, size_out = 1743 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml type = size, size_out = 129745 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png type = size, size_out = 28865 True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml type = size, size_out = 1334 True 2
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml type = file_attributes True 1
Fn
Get Info \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.id[B4197730-0001].[costelloh@aol.com].phoenix type = file_attributes False 1
Fn
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Copy C:\Users\FD1HVy\AppData\Local\costelloh.exe source_filename = C:\Users\FD1HVy\AppData\Local\costelloh.exe False 1
Fn
Copy c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\costelloh.exe source_filename = C:\Users\FD1HVy\AppData\Local\costelloh.exe False 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\costelloh.exe source_filename = C:\Users\FD1HVy\AppData\Local\costelloh.exe False 1
Fn
Move \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu True 1
Fn
Move \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu True 1
Fn
Move \\?\C:\Boot\Fonts\chs_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf False 1
Fn
Move \\?\C:\Boot\Fonts\chs_boot.ttf source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix False 1
Fn
Move \\?\C:\Boot\Fonts\cht_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf False 1
Fn
Move \\?\C:\Boot\Fonts\cht_boot.ttf source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix False 1
Fn
Move \\?\C:\Boot\Fonts\jpn_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf False 1
Fn
Move \\?\C:\Boot\Fonts\jpn_boot.ttf source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix False 1
Fn
Move \\?\C:\Boot\Fonts\kor_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf False 1
Fn
Move \\?\C:\Boot\Fonts\kor_boot.ttf source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf.id[B4197730-0001].[costelloh@aol.com].phoenix False 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat False 1
Fn
Move \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix False 1
Fn
Read \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0001].[costelloh@aol.com].phoenix size = 262144, size_out = 262144 True 3
Fn
Data
Read \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0001].[costelloh@aol.com].phoenix size = 262144, size_out = 262144 True 3
Fn
Data
Read \\?\C:\Logs\HardwareEvents.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Application.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Internet Explorer.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Key Management Service.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx size = 1114368, size_out = 1052672 True 1
Fn
Read \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Read \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx size = 1114368, size_out = 69632 True 1
Fn
Data
Write \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0001].[costelloh@aol.com].phoenix size = 786738 True 1
Fn
Data
Write \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0001].[costelloh@aol.com].phoenix size = 262144 True 3
Fn
Data
Write \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0001].[costelloh@aol.com].phoenix size = 786738 True 1
Fn
Data
Write \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0001].[costelloh@aol.com].phoenix size = 262144 True 3
Fn
Data
Write \\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 258 True 1
Fn
Data
Write \\?\C:\Logs\Application.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\Application.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 258 True 1
Fn
Data
Write \\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 258 True 1
Fn
Data
Write \\?\C:\Logs\Key Management Service.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\Key Management Service.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 274 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 306 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 370 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 306 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 322 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 338 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 69648 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 338 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml size = 69648 True 1
Fn
Data
Write \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml size = 306 True 1
Fn
Data
Write \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 1052688 True 1
Fn
Write \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix size = 354 True 1
Fn
Data
Delete \\?\C:\Logs\HardwareEvents.evtx - True 1
Fn
Delete \\?\C:\Logs\Application.evtx - True 1
Fn
Delete \\?\C:\Logs\Internet Explorer.evtx - True 1
Fn
Delete \\?\C:\Logs\Key Management Service.evtx - True 1
Fn
Delete \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx - True 1
Fn
Delete \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx - True 1
Fn
Delete \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx - True 1
Fn
Delete \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx - True 1
Fn
Delete \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx - True 1
Fn
Delete \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx - True 1
Fn
Delete \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx - True 1
Fn
Delete \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx - True 1
Fn
Registry (16)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 13783888, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 13783952, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 115, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 13784224, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\Users\FD1HVy\AppData\Local\costelloh.exe show_window = SW_SHOWNORMAL True 1
Fn
Module (36)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x74ae0000 True 15
Fn
Get Filename - process_name = c:\users\fd1hvy\appdata\local\costelloh.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\costelloh.exe, size = 260 True 7
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x74af4ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x74af4b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x74af4b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x74af4b00 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x74af6b30 True 5
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x74af6b50 True 5
Fn
System (64)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = NQDPDE True 1
Fn
Sleep duration = 5000 milliseconds (5.000 seconds) True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 57
Fn
Sleep duration = -1 (infinite) True 2
Fn
Sleep duration = -1 (infinite) False 1
Fn
Get Time type = Ticks, time = 117812 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (80)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773000 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Create mutex_name = Global\0001B419773001 True 5
Fn
Create mutex_name = Global\0001B419773001 True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE False 10
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 18
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 25
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Release mutex_name = Global\0001B419773001 True 5
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #10: costelloh.exe
20 0
»
Information Value
ID #10
File Name c:\programdata\microsoft\windows\start menu\programs\startup\costelloh.exe
Command Line "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\costelloh.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:23, Reason: Autostart
Unmonitor End Time: 00:03:28, Reason: Self Terminated
Monitor Duration 00:00:04
OS Process Information
»
Information Value
PID 0x828
Parent PID 0xa40 (Unknown)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0xA20
0x7B0
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
costelloh.exe 0x009B0000 0x009C5FFF Relevant Image - 32-bit - False False
costelloh.exe 0x009B0000 0x009C5FFF Process Termination - 32-bit - False False
Host Behavior
File (3)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x74ae0000 True 2
Fn
Get Handle mscoree.dll base_address = 0x0 False 1
Fn
Get Filename - process_name = c:\programdata\microsoft\windows\start menu\programs\startup\costelloh.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\costelloh.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x74af4ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x74af4b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x74af4b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x74af4b00 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = Ticks, time = 117781 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (4)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773001 True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #11: costelloh.exe
20 0
»
Information Value
ID #11
File Name c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\costelloh.exe
Command Line "C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\costelloh.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:24, Reason: Autostart
Unmonitor End Time: 00:03:28, Reason: Self Terminated
Monitor Duration 00:00:03
OS Process Information
»
Information Value
PID 0xb60
Parent PID 0xa40 (Unknown)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0xBDC
0xB50
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
costelloh.exe 0x01080000 0x01095FFF Relevant Image - 32-bit - False False
costelloh.exe 0x01080000 0x01095FFF Process Termination - 32-bit - False False
Host Behavior
File (3)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x74ae0000 True 2
Fn
Get Handle mscoree.dll base_address = 0x0 False 1
Fn
Get Filename - process_name = c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\costelloh.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\costelloh.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x74af4ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x74af4b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x74af4b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x74af4b00 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = Ticks, time = 117890 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (4)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773001 True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Release mutex_name = Global\0001B419773001 True 1
Fn
Environment (1)
Operation Additional Information Success Count
Get Environment String - True 1
Process #13: costelloh.exe
26328 0
Information Value
ID #13
File Name c:\users\fd1hvy\appdata\local\costelloh.exe
Command Line "C:\Users\FD1HVy\AppData\Local\costelloh.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:32, Reason: Child Process
Unmonitor End Time: 00:04:28, Reason: Terminated by Timeout
Monitor Duration 00:00:55
OS Process Information
Information Value
PID 0xd2c
Parent PID 0x6c0 (c:\users\fd1hvy\appdata\local\costelloh.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xD30, 0xD4C, 0xD50, 0xD54, 0xD58, 0xDF4, 0xDF8, 0xDFC, 0xE00, 0xE04, 0xE08, 0xE0C, 0xE10, 0xE14, 0xF68
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
costelloh.exe 0x01370000 0x01385FFF Relevant Image - 32-bit - False False
Dropped Files
Filename File Size Hash Values YARA Match Actions
SHA256: 8be034b1f3b63ddd466357e609bad4bc30b70d036b5194a9507c6bd23c3dacf0
SSDeep: 1536:NuEFI1dE08IJVIn09jTjT9o2olK7CN792bJZouwkDzQEbVoDspj7o4P:tFI3T8Ce093jTroPN1YDcuj7o4P
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 14.11 KB MD5: bfd1f1ad3fa7598fe97fabc3d26cb232
SHA1: 67570483609caeccf6e68d7e78d647e2566276d9
SHA256: 3c725d913af19ec78225b2f4c4182b62badf395e9849d9a8366b817bb6610d05
SSDeep: 384:sThnJE16VpBBxeNpGBVXrYQ2t24fGVg842Jhkne:sT/lpXx2cBFrYVtzu/4UH
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 714.30 KB MD5: 35a691db5ec3eca9e8b2d3876633e459
SHA1: 03521f2d4ab2ac004ee12211bc310fd78a29a6e9
SHA256: 4d3869505cbf17486e62969ffe8a7a4d638ff0ea3e41d8c5574d2f46f48b2144
SSDeep: 12288:6TV/EsEfhcdnq+mRRnIEHWfcoam95TdkZPC8YXNro04tOQc83BdMgjKlMwdF:6R/A4q7VItHuPCZ9s0MD3+P
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 171.06 KB MD5: f746cfa60cc452389c24325269a56fb4
SHA1: 2c3d95819b33a903c98d39871962b7d3c2fbd87f
SHA256: 97b23692d553e634452493686bcece8c5281d801a0bc4be44adea3521972b061
SSDeep: 3072:BmAmGKS08KdbMHRJd8d13zaoJTksv7VIJxsLuqFJ6iwBqSl6vRJTgy859Bk:Bmfj8wGx8d1jdTrVI0Lzr6J0vR9iZk
False
\\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.36 KB MD5: 6931e85683b3e139d9315610c807d4a9
SHA1: 81359d566498d4dd84c096ed0cb8b4359eda77b6
SHA256: 7143524d5a484db19aa89554c000e9a7aa5dbc7327bd3d97dd09a7381524e0f9
SSDeep: 1536:B+E0x3sRkkwc4xS9inUwEpPZovE7UGpG9ZoMvdGoUXg0Eo4:B+E0mRZL9CwPmMQGwxGyZ
False
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: 3c3b39b41e1f6418fe5bee3632d988c1
SHA1: 582d98347e80a2ae7af55ee976de918f24d15f93
SHA256: b489262dc8821af83d2f09474e5f0e2239ace66429ca12aedef7e51bb9692e7b
SSDeep: 1536:8/bdPDrfyhFAm7Ma4zqp1CiRr0uozKpre8rr7b5YM:O5Lrk10i0iRgukKprb5R
False
\\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 1.00 MB MD5: ece3f27ebbc604e98565e4322a50ed05
SHA1: f81cccb46bbbdadb07dbbef6d0ab1015cc67ec95
SHA256: e9b14768cee7eeeb8dc6d0f05aba5970ab5ae758a9a8268c3c43ba4cdf82b8a3
SSDeep: 24576:c94s0PLLaMgicJdisuw2PwvTnYPFJUFXsveq5:U4VLLa7icP4/PImJUJ+N
False
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: 566b83140f0b5ccbcb2b6a696db04228
SHA1: a5a01bf49164f3de016f94d2e07e8ac989c69074
SHA256: 86a98640dd8592b0ee976bc5d9a2a9d79f7367e6fe4d81f5ab8b9aed05e60d73
SSDeep: 1536:NI9Ty296stKGToi7f8MqBD9W10lED9moarSrAZndq0NDm+:NI9Tr6sZUKxm9i0voarU+ndrNDn
False
\\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: 89398a3e62045a0751871451de24c964
SHA1: ab934a0d3cc66e93db962bbe9e8b17170daf6d95
SHA256: bffd079e7bf9d307ab043a5062fd7ec1656ef6a88f0f86b889c8df2689a2f1b9
SSDeep: 1536:ABoIfS3xMyOTls9scuoRTb1RYHRUHHN7kytCKPOmPz:sMwS9KoRFwiN7kykgOu
False
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: d7f416f8c13589875c53e32855242a51
SHA1: a0d705ca96202ce211e5a8a05126393a365b15cc
SHA256: 7a599206c68a489ee1b2cbfdcbda1fee131bc0ae1ce915e43544900dee8722bc
SSDeep: 1536:I2+v4nfVMQ2SczmsAmJ3i3QRGN86Dya6Z9q4hvzlkQHQX:INv4ntJNczrLFi3Q0CKyam9qslA
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 963.47 KB MD5: ce4d89835e84f55280e97cbae30b09ee
SHA1: f8deeaa380306da52d4fa41d9d76a030381081fb
SHA256: 10ea852a6ecb795e857a96e7c01c836858e9907ee164fc23637ee8389cbdf274
SSDeep: 24576:cWZJvgkLCBjza0a52VMO0W6s5KkkbcjXvQQuiQeBn3iR:c2vgkG9zvVFFTkVbcjXvQwxg
False
\\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: f77329d4d43a96933df9ef435f2340c9
SHA1: 1e6daf7dd9902173985b184c6a2b2411aa656924
SHA256: b2796e2882fae6009281054790717ba0025b644f4913cec96afced78be7186c1
SSDeep: 1536:Pbb9Y+TdGhyPAK+npQQLQDd5ovCyDO9aM12O457+Z4AtZt:Pbb9Y2doZTcZ5AO9TgOK6jtf
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 85.16 KB MD5: a5ec44c0a55441812a3242dcd5a3c200
SHA1: f83a652a14b9245f0d651fa22ade5a8e45b99d46
SHA256: f3097ffc1492620fef92e6bed4bf0ecb2749390367cbbf0589fd16836c1b0a37
SSDeep: 1536:flelEJorNZTrUbzniZHEZu0eqzemwN6Ojk+qpb/O1l7fPvwrvLZTT:f0eKZYzeEaqzK6Ojk+gKJfwrjZTT
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 76.53 KB MD5: c96425abfb347df36596240e9271a35a
SHA1: 9b71f7eee0182380814582d4aaa3bb1593d9a9e5
SHA256: 2a703a9949a9e2a5a4b8d6f3ef776c47f1e036aaa40f9a618cd4030967cc8bb2
SSDeep: 1536:pNWaWwS897j0X1GV+nEPRAAng9aaeC99yUMaI4b:pgVQ8X1GUEeAngIaeG9cu
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 3.55 KB MD5: ad8a693432ab8069f958107f75c77629
SHA1: 528ce9d5cd46699e4add7d95d25688ac299c37b8
SHA256: d3acdb605f67730af8ae23a6053fce817f201c2dd94bf560aa6853f45b56f2e0
SSDeep: 96:yuDZnXF9CSb+BcIlGswbP8zJgZqjraOzgS9+DmohaEeiK27:yuDZncyIlGscugUjrvzgDaoann0
False
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.30 KB MD5: 69df0953e55e3ad8b2551eefd60bcc7e
SHA1: f2132abd00eee4ae2791c6676467282e04d8f3d2
SHA256: fde5152870267c0cdeeae73f49cacfaac5253572a0316736822d3898b7e4a3cb
SSDeep: 1536:b6pwLWYl5A5/YE2L1RCw9WeU/2A5ZHVV3MXO:b6GLtzaYE21wAW1dZHVV3x
False
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: d63ef4b5f824a4a070471e8d4c394f8a
SHA1: 608b34225d15ea6582421efbfd4f419b1c300ef5
SHA256: dacb913a08d6b59c023034224e35ccde92de7faeec229e7d02cc5b2318d0e269
SSDeep: 1536:nXEvl5ePA3ladYF5cRoVI5cANs6D+kql6EqOJX/6UOJHPst32o0:UvlDa5sANs6LqlTJJXylvstGR
False
\\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: 3dd97c6a317a743321bdd9e8ff6cc214
SHA1: 297ccbd453d7c1132c7f848fcaf4f33b5ab8a2d1
SHA256: 0fed2ac9b2494993e44c817652de2c9457906546b339a822727bb566b1c8f8fd
SSDeep: 1536:s+MNVfJry6I0/6vT7QmbSH9K/EYGlea/QzpJH8rOoRy4UclVA:s+MNVfJ+kyvT7JkKEepzr8aoRy4U1
False
\\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 3.49 KB MD5: 41d1931bcfa3026dd8de150af7198a1d
SHA1: 49aad778b786c08a0a75fe1530832ebdc5880160
SHA256: 5cb945795cdee1bc0f824af67c17ae0292e643bffa7c0bd53ab71b589e92be10
SSDeep: 96:a7TVJm1Whenp73m1XZDFTrEfvhn+BtLJ5tdXz4T27:a7TK1WhenpDm1HfEXhnAlJX8T0
False
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: 405497348b33fb7e3b26a2aad4cd6d1d
SHA1: 49db6c1f9ddabded729e4e53f246c8da188f20be
SHA256: 14b7d47aeec7adb7768c1548b0103e01fc06ebd676f1bd07b84777484f47d26d
SSDeep: 1536:vbUNfieamMuFnFdxrO+/Uq3whlTb7gouYOTP5r:OfuKvxi+lghdUounxr
False
\\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: 576c68fea9042c774baf425f15477bb4
SHA1: c5a12b4ebe38f60fd1e26aaf7052f340fc5c0393
SHA256: e289e93188fdae1c67d62b15e0d7eb1811f823f1c7eb75d6f6a8f9b6aaa21fc9
SSDeep: 1536:qbTP6D84n4dG0rs3oxktsABz/UChLwGhQVaWXQigmxsBcS:qbTPjDdG0rbOszGOVvPgD
False
\\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: b6b94c1e421c60510c3d275fddf090b7
SHA1: 029cf85b138006b6ac7b11102c3161347391da01
SHA256: cabaaf1812468e57adab75119f5495687a5bbed337ad1b6b876f0197dd68cd85
SSDeep: 1536:jquGDOJIJwJxJQ+vVT0FcdDKIyimSlx4j4NMSZU1:jXG6JIJw5RV3d2jiBx4R11
False
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.36 KB MD5: 23cd9bd073bd367cb9867451e9f0959c
SHA1: ffc6fad535f851bfba60d8c9586e92f27ed7b716
SHA256: e63a6c2a3b7ae6561fe10cd4847d67f20402adc54081dd474248c2cd58e80740
SSDeep: 1536:pljaBO/rDQ+ArtgNWsKC+OGd5i46Ju5aAOmGD5Yive+e1:3jvAumC+bfkoajO9R1
False
\\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.38 KB MD5: 079b522b48da63675e04240d94c81992
SHA1: 6350371db9bfedd3901bd2a949b7719a0b24aaa6
SHA256: 7430f63795bff2b7bdeb02683232a63d205fe0385232e96dde74e9627ac97b08
SSDeep: 1536:vkt6rHhUFusC1E5Wa+89XG/XtwDrE4hEtwp5LpqIrywD/qV6E:FrHKHXFG/tMCtwpLqqy2qoE
False
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.36 KB MD5: ced03b801f379291fdca858b5e6e608f
SHA1: fbf86a45d5c12a618637af29c1e06f6f8b48ce17
SHA256: a40b328f54cdb5597ea989a9ce460df7b45eb39f9bff393c7e1fc7c3570a46d3
SSDeep: 1536:/LF96HyE9UuYRQ7/sxx5GPqbp6ENCNEHIoJoxxX/vdfrGTCzs664W:/LuSEmuYRQ7/sDOqaNEoCg1vZGTRB
False
\\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.38 KB MD5: 9a486b04d1146712e760e1533af7855b
SHA1: 89d977af631d463eb7164e91c430830d15f46192
SHA256: 244a969b82cf43299c2426fc56aff0463cadec7faf19f36e344336546665cc32
SSDeep: 1536:b1zr4z/4JQ1Voy2HYQhhaMBs3uHXx9TVH+//e/SA2ND3sL:ba0JQDQH3Dx9TVeuSFW
False
\\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: adc971c7322075e2eca956521c6f3690
SHA1: af965bfdab424335d502eaa30228a726198142c2
SHA256: bcefc0d799fb7be7e1b5715426f963402cb7ef4f83f03d2a899c80f4208cd7e7
SSDeep: 1536:FNs88Im73HOL2QT0nHO8uwSmkIlsXI+xrRCAv:Ujf+L2lO8XSmkwaZTv
False
\\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 2.64 KB MD5: 15aec5b09c4f48be8febb5a3f153a18c
SHA1: 36938ce841aa2bf5e18e25d758734a9239abbd1c
SHA256: d79e63512be4ce501e4e68922498c310e8c000fdf1d3e3e95ed2aafa4e6b005b
SSDeep: 48:B32140iiLtHbsYxq9GyVgplr8s9lsqlNQWHEZlWghtDwt/4nGLZ4g27:B3k9ia7sYhyV2sqlNPwlWgDkww/27
False
\\?\C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.id[B4197730-0001].[costelloh@aol.com].phoenix 1.25 MB MD5: 2a4185dba6e780815f40d0a9cc1223b8
SHA1: eb4c4bcdea4ae1f0021861769eb9dddfc5b755a8
SHA256: 2e021d35638393d9932a996d87ca19526334e0222bedd881fc53dab6cbef63c4
SSDeep: 24576:hjPYyDDNQpNecPumF50VdDQoGlyzMzvBJ7qVK3aCTU+PS52uxMs34:5PY9NPum/0bQoGlyzOvBR0OvTU+qPusI
False
\\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 530 bytes MD5: dd13b774c79e97ac5a20f82394ca908a
SHA1: 603feb697651fdf9fd3470463558a5a9b8fbe8f1
SHA256: 8f57021cb34a28a79688b5597566d424359557529673075b5633ee741c062b98
SSDeep: 12:tpziyB/FnHQNDlXaJKXPP7z5ZSSeTOTmdSDcu:Lt/1QlloK/P7zq2yd27
False
\\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 834 bytes MD5: 14e185eddf30945c8868cf4d27b0a876
SHA1: 061e183460778cc7ba20d550ba1c635493893efd
SHA256: a08e931a3ee939f0fff51e32823f2cd87cf41056662d40c7de9f3d5fff7a84cc
SSDeep: 24:oFuaqbvoK+Tvop28mlLV2+jtwZiknHxZ4yd2K:8NqctTvr7adwknHxZ7d2K
False
\\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: deba018792e01c3bc691da3cfa05be4d
SHA1: 42610317b9c9822095b98234f8ea1e190aed4194
SHA256: e85b5f4205e352aeda62646dfd459cfaa0ef087cadcfcaa6ce84d022ad423acb
SSDeep: 1536:SpA2fl8Ix0ZUU5WHF0lqadmDRKuIG+OfY24D/2xXt9nQJ:rwuK01MHu/sDRKuIG+OfY24D/YXt9nQJ
False
\\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: 5813503bd21a169df2c52f9dd294337f
SHA1: 17f3dc900871105e1b19cf797734850d77b2f3b8
SHA256: 4ad2df33ed069873e678b82f103320a69b7d8aa138d0d84ed2b1109f4a91dec1
SSDeep: 1536:9o7eJKIC1uitd2NRYxS+pfUkR8eKfAq+N897YgJCPWUb2vI:mesugIIS+Dmb4qO89MHPJb2vI
False
\\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.35 KB MD5: ed0d12ed1a3229c3376dedf9b9c093d5
SHA1: 737bbe7acb0802351a80450b59c94dd440f0c6b3
SHA256: 6adc73b5a564f2d4bb4c1cf1ef6f253e9a86eac1ff03bb1fdac04970e426ed26
SSDeep: 1536:tUI08W9MzAzwLLHQQ/OoBHRjFk0GRd0C85FE4uys3tnSjhPf3:qFqLDZVPk0GRd0CyFE4uyMFSjJf3
False
\\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 1.52 KB MD5: a6c6deb6a6e24786abfe9fc886b2772b
SHA1: 6def67bd4a272ae0516cf4f1d70401c293a809f2
SHA256: 2fe1edbac5730810e0fd6184b6a3d2d0256d40f79eafebe4e7fcf8ce3a97e43a
SSDeep: 48:ceE6qVily+yBG4V+jSd8xbDwXUr7FJ6ZXSu27:ctivzq+jfxwkrL6Ziu27
False
\\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: f3021b66504194bdafc9d82e3729aee1
SHA1: a09b8155b1533cb0b8715a4f70296d6da5cfa8a4
SHA256: 4b1ea5652315d5eecd770b6adaa7d1f813c33b11f97e41beee66589d11085833
SSDeep: 1536:A2KSXRbg4TsrPkw0UTlxxkTOfAGg7HjVVDey89V/l:A3SXLTQc+l9AGgHK9r
False
\\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.35 KB MD5: f46e1c1652ac1339edb8dd9600d4133c
SHA1: d7ac471367d44d4ed2a0e031fc4f83cbed25d230
SHA256: 087fe3a7799048774d9db341f1552948e3bd451cf80f140a7160cb4c547d6671
SSDeep: 1536:rMSCIRweN9wXmtowJwSoB2xABCM2nVh6N0ow3uBM:Wkw6CXmtoq9A4JnVhk0o0h
False
\\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 530 bytes MD5: 5ea403d57678863ad2f60bc586908e95
SHA1: 9d5241b2088488a57b309507ecdbc0ac67cd5ace
SHA256: 3fb599416520c7689e3fd3766a02028b75503ad5d2b034015b8c9c84de93d84b
SSDeep: 6:cRP/DvpyrqH+p6SdVEnzpOuEkQ4IeHYo9N5E2Io/LDvAOyQZAlAcgObvraDMHjDy:cR3Dh4qH+88unQOYo9jE4lyQZAWoSDcu
False
\\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 674 bytes MD5: 3242af100aa5326b64f5d620c9b1af36
SHA1: 66e64104c186c66105780e365e5fea78eb0f98a0
SHA256: 49c24433afafe7cca4fe3ce00c1fa4146bdc373067a6097c3e7106f52417e819
SSDeep: 12:pNg3S7PjuA0uVqdCs/OQmS2mQp6W+jF0OSDcv:U3+yAxc2Qts6VT2K
False
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.33 KB MD5: 0caf0f9aab2960611f2a6560a6399e12
SHA1: 76a11c50b396fd53d26901c836c45596a65a991c
SHA256: 257ea4dfd4bda3e0cc0fa4d1f94c0d5b21283972413b5d45bbafa392ffa1bb49
SSDeep: 1536:1Dxo9rxoU2z4rTGq9+voeIKVAKw9j49x0i/C7dXS3ftY:zohqU2z4fZKVAoQioXt
False
\\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: 26383ed646299e5660833b5eb49b8404
SHA1: 3120efc3c65bee778e8d4ec8e54f72b1ff6463af
SHA256: 84e52bcb2ab82f953b0ba59bb041afabd7ba21fc570a0c4fe68c085429db4cd3
SSDeep: 1536:HCg+3HXpBQGwyHvrCH8CbOq6LMkZgKBNPocLVAdjV4tGA:H7UHXXQNyHDCH8CKJLZFPANVfA
False
\\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 3.44 KB MD5: 92929c796561c92035fed16a36276f7c
SHA1: ef2be2b72fec00ec57df30abad9c87244682fb7f
SHA256: 9f24c32c62133c3f4a49905fda2815326c5f6907e2c9b78c442bc5fc299e08ff
SSDeep: 96:YcexPpNc1smHsoK3+UKv4yHCr97cQd/9y27:fipeFL4Tr97cQd/s0
False
\\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 530 bytes MD5: de13286280c1ef214b8aca847c6b913c
SHA1: 1bdb5836f4f9909edfe27de73e8b33457e55e426
SHA256: c0f67daad15ecfba3e377cd5dfe0d37033a8f6093dce62cfa5f1bb69137fbe60
SSDeep: 12:T+az0d4eL5iVetljQAOqQmMS3cHqtadDeT+g8SDcu:xo6eLYIbQcXMS3vw8827
False
\\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 498 bytes MD5: 89383cb95dd1ea0d737c6a08ed24de95
SHA1: 84edd54986304ba3a0f7901b9564a07371eed4f5
SHA256: c99f2fb26a392f285ccaf1b3395291101443e4e95390537a55e85c84821a73f6
SSDeep: 12:IVQ9VfxLmfXw+/luSU2jkbHNGRo5iwaqOSDcv:IVQvxmX7lu92jwHwRo5iwa72K
False
\\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 1.85 KB MD5: c77a40af6a15831c91685eaaa1048862
SHA1: 0a3ae2df3e65ba0dac89b1e595a9acaf0c2785b7
SHA256: f4f5b6e8523c30d91606d193dac2a84380e81f1d453630dac2a1de4996ba3c16
SSDeep: 48:wdpW8koVanj2MG5JLFOyueyT7ZyaNRoXtPY27:wrW8ko1DrhHueQyy6tg27
False
\\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 530 bytes MD5: dc20349c79d0d91d94e0ca13c976bb4b
SHA1: 76f59050d2a3aba0c1cef5b7ac892af334cf574f
SHA256: ed64d09d9e677931faf7641cefe63b84f73f5f6af3877ec38b1aed7e13420306
SSDeep: 12:gh/ME6KDQkVLjtDXZecd8clYMYuXIhv5avXRSDcu:gpMEJNZkskY4hv52XR27
False
\\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 1.66 KB MD5: 7b4d86871dd070dfad90c1ac1c8599e4
SHA1: eac961169f06680657afa2f8f7dbcba3394d6385
SHA256: 5f27df25f7e359f7733234d3a973fa6ef1cca808a8f011b33b8653d956b39b64
SSDeep: 48:eWMU0r4O7RK/YsIYK8HhsDKtu2+QfsBXAwAiuTWcHF7bbvex27:eWMU0r54pIYoWCm8YHl73E27
False
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.39 KB MD5: 4885bb0db1e40c35127ba996664a107b
SHA1: e9ac0ed14b0869062c5e2817a2b023aece9c7c65
SHA256: 506abd62e51efaeb98094501df686976c8b06bed6c82bdd48460fed7a61b460e
SSDeep: 1536:6VSKhy7F0lfej94f6e6E29H/WCtXROPOCEKNNIRg+1OLK:1ZF0QwJ6jBDtXNEN/+0LK
False
\\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.35 KB MD5: 7341cb4d76ce693d538bbe527b190f59
SHA1: ddef151f2687ad39bee22c7b9c43d4f900bc2977
SHA256: 0da25acc9e9446d810e70d99f8fd411078972356582aa2fda0ea08adc73acc13
SSDeep: 1536:A14P3J77Xp2wX5KesgpZr0TTB7hS3ciuG4rnLY9JLMMvLIQP6uMU3awcH:A14vJXp7Xj9pcB7BiK89hMCVMScH
False
\\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.31 KB MD5: 413baa634528df15268864904c29c2d4
SHA1: 1e3026aad595f3a020ed50b606032148bed422de
SHA256: 7b4ffc58bba843d07109e1506e99b37d547b96da670962da1b9974295e31a209
SSDeep: 1536:wEtifrMPwDkXt23sMBnCMe9pkDdsMD/kY7N3:wEwfYowtGsgCMe9pI/z7N
False
\\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 1.00 MB MD5: ba7976c8d17a80d4a1d7326d4eb009c8
SHA1: 79bebf7885f7220fbd1f10f3441f23779509c278
SHA256: 2c49e1ae513b9b6f5c4060392afbc258a0ededb0a3753978517f3911aa183866
SSDeep: 24576:D8hFP9gQLCSE2A5VCMOQ0fATRwlnh6PQhMxSaLgFmTSXdpfUr:mxLA2R/mRwl8Pnx3Hum
False
\\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 674 bytes MD5: 7869f1b68d747b751876b0eb98720b8d
SHA1: d12ac5281d7b8e86d4a833fa88b43d6ee01c7961
SHA256: aacafbb0e44fb974cb0a259818ce170839863fd867b884ecbf47c13e6871e756
SSDeep: 12:0jwsshA/aHG9HRpICSLoON90QzpW3P629+m7ZG2kUq/SCp+QmUs6SDcv:zss2ymZSsONpzzm/Z3g/6Q862K
False
\\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 498 bytes MD5: 47689c901a1f67190d5a506e477ee080
SHA1: e77195704fa0202c6fafe1494735c308fb1bc22e
SHA256: f33d368577b7982a7a90db0a083ba9db31bed008fc89dcabc5ffe606dd171ad0
SSDeep: 6:ul+vG7a6kK54xDVh5yyV+NB+kUQrKh0bt20dI6hD1PC+CcbUpP280Je5SWR9gJ7G:/56ksIphwyVSvn5l4+/b+P28SCNSDcv
False
\\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 530 bytes MD5: a1c4a3d9b8f20f6c8a2098f9751eaebe
SHA1: 788f61b7f36aa97853d28e9fb0eecf20a0f17c1c
SHA256: ab82364a3c2434b913d18bd3703d030769c914ef6d30c71e2c7ff2c7b598fa1c
SSDeep: 12:rBpts5qEEDMuPvuknPWHZhxQqN9K2eRPMAYSDcu:a5qEED9PvtPWHZhxQiKpm27
False
\\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 530 bytes MD5: 2c5dd59f17735ca463800685397763b4
SHA1: 0ddfcbb98e04200788ae4c5b086407d509060dfd
SHA256: 410fb66d01d6012953498db40feba69d7ca0e7d3043537ca3cf11abb357fc985
SSDeep: 12:DwgvsKRXImo+0sfAJnQTIrrvoCL0v1Wlyt0SDcu:Egx9fAJnyIrrvp+Tt027
False
\\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 5.22 KB MD5: 94769bdca1014d5b241981e1de881b16
SHA1: cf3b5e93d1d3e964c9d2fb1d7edada1b71799f9b
SHA256: e85e4a313fa92d4ca50ff9abc9c6fe506a68de0e2457643c6e0ceb729214284c
SSDeep: 96:L5kU9kj6ua+GuWHH8R8EnUtXIQYR9j6NkTg0qBcqvRzT8FSi9y3Csw27:qUoja4WHs8EnWlWjaztzCb9yysw0
False
\\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 530 bytes MD5: 6467992dd7f5952504e4deff8fc0b5f5
SHA1: 05ff7169f22b846345b9f82daac5d7c96d16e20f
SHA256: 72d3ed99d109321d07ae4dfae0f776372e08faee5d9e126818b88d21ee6d95f4
SSDeep: 12:uCqOmwOgrjt167zeXcUiglpGDkn33FwqESDcu:f+d8NDiglNc27
False
\\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 818 bytes MD5: a03beea06450d34410724708cb0c56a6
SHA1: 213a53c94d4092d4313cb6b71c1b93a31229b1e1
SHA256: f7e8b07bfc07a5524080355835fa25a05f9123d89207af208580a9cc9ac7412d
SSDeep: 12:0lrp2HqSDSueah0V/SmZ/Ep4o80U/2WS76MpPJKRcaKfulJ4SDcv:orERSa8N0UbSGMtJ9C42K
False
\\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 1.00 MB MD5: f4f3c0de898f5f1dc6599c530ab80ddf
SHA1: ca85ac788fb622b74b9a6ab17bae2f134386c67c
SHA256: 332d11702a274e8af4cef34a3b046a67d4dbb24b7765fc37fd23f3de266128ad
SSDeep: 24576:RTcn3fpvuJQZdBYD/htzP4xGgcav9ZG/DMbx+WDY+:On3fpvuICBuGBa6rMTh
False
\\?\C:\Logs\Security.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 1.07 MB MD5: 9eda76d016ed63649a76f80714f603a8
SHA1: 1626a41b9e160c8744c8881077fd911223459600
SHA256: cc1167b00aaaceecd020699806a22bdab388649c4ef737e67a6d9e34a545cad5
SSDeep: 24576:NUH6IQVRHAoD7Dcd+cr6yGGlT0aYgIdN2ogrgIntbriRl:a6IE913cMcr63HaqNLgvbriRl
False
\\?\C:\Logs\Setup.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.25 KB MD5: d0cb2141e83638909ecf52bbb00e1e5b
SHA1: 0a4ccf9d132d8414090a3c51d86253adc1dd95ad
SHA256: 58a13fa149f4d3e2ca9c6fd1f0b2b3a376234782984c54416fdac065741faeea
SSDeep: 1536:T7f51qib6Zghd2rtddNeSJVxOeG5QOOmcOek4qcU0H6Fz7IQsptfT6Ohe7A2iQN:THpsYd2F8KxOeG5JObPk47U0H6x7IQsI
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 514 bytes MD5: 00cea0dcf991439c591c46b3b66cfa71
SHA1: f74a7d355d157f86ff2d68b5bac84ab265aab336
SHA256: c9983122b53a248aec610b2dfc382301877b8ef884b30fe39453122ae8204a99
SSDeep: 6:HEQvtJQ0fCsr9AXFuEPJvqHbMQCSWGX8mKBm4/t/F/WVyzMHUPUmFqkVYDH/6bvR:k4e0qZbPJvcjiwMzMHhAqkVc/6SDcv
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 1.14 KB MD5: 5355c583d0ceaef908afadf0f9f65bdd
SHA1: 3f04f21c4146fa4945609a89970a414f28b48bb5
SHA256: 87244d8416644d81e43f953308725207f2207fd70a0248bbd582d27536d1f13f
SSDeep: 24:KU+ZrOG//ZQ4Yaf+lICdj01RrFThmn1Nzb4uNUpp55daTkG6WUe27:KU+hPZL4LI1RrVhmnHb4uNS5vaTk3Te0
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 530 bytes MD5: c12d78c5e9cbae0994a43d7b52d1ecf2
SHA1: 123c69229c7760cc884e346690b38c6296ba833c
SHA256: 1f93f7cfbd266784783b039b4022a3bf01e6643d1255d4b46f39cb43e6dc12e0
SSDeep: 6:PFAcBmFJDpSBpM3rJ0e8a1Z99EYdR6rcSMW25UcMv2UvM9A1wVVAkHnPW4sHEgbQ:dqSPSrJ0Sv9DdGOUcM7MOqVNP8kgSDcu
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 514 bytes MD5: 2dfcef327cbf7b63d63e8180195fa760
SHA1: 1a3031af590f1eb0b8e2b2f9e17e2164354e137a
SHA256: 9a044cd965b0de3be3d6090df509b55126d6e764d5d70757317fac4d61381cb3
SSDeep: 6:iOgfs0YCeceX2YE/Lql1Suw2ARUYPADq+g2IIzKuyH79Lger/MZorYRrYbvraDMb:mWGi2Y0P2AtPhu4kGMNYSDcv
False
\\?\C:\Logs\System.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 1.07 MB MD5: 386c372cc7d2d747a36186a36689342d
SHA1: 944ea0812caef38256865ab43baedac520f6942a
SHA256: d2a0450fe0cc68c6d9625b3386602a51fdc0b1077eabc236d41555b74eb51c0b
SSDeep: 24576:T7qllBVqxV2azj3F6Qx+3gmtNwRBlkN+sBDX9BL+XNrjlor7P6f6Rt:yBVE2a/Fj8zABCN+s52XN46G
False
\\?\C:\Logs\Windows PowerShell.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix 68.27 KB MD5: 38f833af96d7986c251e834b36121f7f
SHA1: ded3934e7500014ed5bb4cd76f948c5d184ef84f
SHA256: a9bbb87c2d1e683575fbd7b9c94cdc0fe3c2a764235d9f566cec4cd27b021fad
SSDeep: 1536:RAt8E7C75wHOvaz1pEkLnTEf4zIb72h4Zy12Qispkt+lhiY1ee:RAV058iaz1pEQng4i7kTjlj1ee
False
\\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 2.46 KB MD5: 98a0aabd1b4e506e52e05c4f78e28930
SHA1: c2114ea8b7c3417b6db649ea1bea5cdb4355933e
SHA256: 2dd09b81492b685964ba1c9e80ec9faee166d4de8fd727d809329bf7f2a58359
SSDeep: 48:txLgSVglLWhEvxKhq0IlYB1Sd4LWJMVwd3OoEaVQ4mFUnbGFZWh127:t6SKlLgEpKhkiB4dMWmw8oEaVQhUbGmA
False
\\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 530 bytes MD5: 85c29aeee6cdcf8eb132df22cb91b4b5
SHA1: 00854448c04008169e551417d258199018bf3792
SHA256: a5ba213f4525ca70f6c69a7622e2109e3ea613799e0fa437c8c8e75c6129e454
SSDeep: 12:7EWcdMdvk+bb1/Kiuqc//oqPMls6VNgV7s700OSDcu:7EkvkuAiuDoq0nN6oHO27
False
\\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix 706 bytes MD5: 848fe970e6e9ac2e79de274617a3bd97
SHA1: ae1fe54df4bf6753e306b034ca56b7ea7f3c6b57
SHA256: 4a10c97b7c83a8c3e9864f814b3e52207af696f2c9b8e2466679cccbc4de0b18
SSDeep: 12:BPHIIdOL/jzhkV+OqKxFlgTD27OkNMByUTfNtQcJgeDrRUNIIwZTXzlqSuSDcv:BPBcjGfgTD27OklUTfgle6UZTXJqSu2K
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\s641033.hash.id[B4197730-0001].[costelloh@aol.com].phoenix 354 bytes MD5: 7af2871dcb3a3e410a051dc70421307e
SHA1: 23181a56327913087e2f18e6f030b5fbf99514e8
SHA256: 80ebb29cd26ec78d97d4d45325c9dfb7b562b69303998515b8b02d184fd8ef54
SSDeep: 6:ET2mE0FDbbtSeOlLjux8bY0pvGjnuLuDnqbpI7OHpxZOl0P:ET2m/LoeMLKdcGbcsuxZn
False
\\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\s640.hash.id[B4197730-0001].[costelloh@aol.com].phoenix 354 bytes MD5: 2abe9f8ab65741200ef925ba7ce49e92
SHA1: 5ba6b26232ce83492162c16668647f1ec0266c5c
SHA256: ee6ef161d806a799937713c84b776a1229d4494a617ed05c030967377540afdb
SSDeep: 6:WWJ/9SCQ99ZuX1ikbeE/ummF8I72sHzof2VN2nqbpI7OHpxZOl0P:WWN9MkHifj8Ivz+MNyuxZn
False
\\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\s641033.hash.id[B4197730-0001].[costelloh@aol.com].phoenix 354 bytes MD5: 07894d5bcdfa0b256e72a5da3864c367
SHA1: 7962535db62ec33c83d4548a0b79b7ab03eeda5d
SHA256: 9f00a2969e159a6e6e9d92a5f797bab1a3aad24c6a6a8657fcac574d6125d836
Host Behavior
File (5044)
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\$WINRE_BACKUP_PARTITION.MARKER desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BCD desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Fn
Create \\?\C:\Boot\BCD.LOG1 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\BCD.LOG2 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\bootspaces.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bootspaces.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\bootvhd.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\bootvhd.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\cs-CZ\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\cs-CZ\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\da-DK\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\da-DK\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\de-DE\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\de-DE\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\el-GR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\el-GR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-GB\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-GB\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-ES\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-ES\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\es-MX\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\es-MX\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\et-EE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\et-EE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fi-FI\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fi-FI\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\chs_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\cht_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\jpn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\kor_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgunn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgunn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\malgun_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\malgun_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segmono_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segmono_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segoen_slboot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segoen_slboot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\segoe_slboot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\segoe_slboot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-CA\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-CA\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\fr-FR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\fr-FR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hr-HR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hr-HR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\hu-HU\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\hu-HU\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\it-IT\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\it-IT\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ja-JP\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ja-JP\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\ko-KR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\ko-KR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\lt-LT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\lt-LT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\lv-LV\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\lv-LV\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\memtest.exe desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nb-NO\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\Boot\nb-NO\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\nl-NL\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\nl-NL\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\pl-PL\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\pl-PL\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\pt-BR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\pt-BR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\pt-PT\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\pt-PT\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\qps-ploc\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\qps-ploc\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\qps-ploc\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\qps-ploc\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\Resources\bootres.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\Resources\bootres.dll desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\Resources\en-US\bootres.dll.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\Resources\en-US\bootres.dll.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\ro-RO\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\ro-RO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\ru-RU\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\ru-RU\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sk-SK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sk-SK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sl-SI\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sl-SI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\sv-SE\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\sv-SE\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\tr-TR\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\tr-TR\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\uk-UA\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\uk-UA\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-CN\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-CN\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-HK\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-HK\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Boot\zh-TW\memtest.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\zh-TW\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\bootmgr desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\BOOTNXT desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\BOOTNXT desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\BOOTNXT.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\hiberfil.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-31f8f00f75ee43d4996762625b6917f2-ce77d96f-eec8-4063-a05a-09720f5bbf1b-7138.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-5476d0c4a7a347909c4b8a13078d4390-f8bdcecf-243f-40f8-b7c3-b9c44a57dead-7230.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\osver.txt desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\parse.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_show.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\VortexSchemaRequests.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edb.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Security.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Security.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Security.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Setup.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Setup.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Setup.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\System.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\System.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\System.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\Logs\Windows PowerShell.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\Logs\Windows PowerShell.evtx desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\Logs\Windows PowerShell.evtx.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\pagefile.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\s641033.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\s641033.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\s641033.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\s640.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\s640.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\s640.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\s641033.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1 desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\s640.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\s641033.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\s641033.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\s641033.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\s641033.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\s641033.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\s640.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\s640.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\s640.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\s640.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\s640.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\s321033.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\s321033.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\s321033.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\s320.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\s320.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\s320.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.hash desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.hash desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.hash.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_e8d761b7-8a68-4187-8c95-75a3788ac267 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_e8d761b7-8a68-4187-8c95-75a3788ac267 desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71 desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71 desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\Events_CostDeferred.rbs desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\Events_Normal.rbs desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\Events_NormalCritical.rbs desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Diagnosis\Events_Realtime.rbs desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\MF\Active.GRL desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\MF\Active.GRL desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\MF\Active.GRL.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\MF\Pending.GRL desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edb.chk desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edb.chk desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edb.chk.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\MF\Pending.GRL desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\MF\Pending.GRL.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00002.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00002.log desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageEventsArchive.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default User.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd desired_access = GENERIC_WRITE, GENERIC_READ False 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\FD1HVy.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default User.dat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\Default User.dat.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE False 1
Create \\?\C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\1__Power_Controls.provxml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\1__Power_Controls.provxml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\1__Power_Controls.provxml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-32.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-32.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-32.png.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-48.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-48.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-48.png.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\0__Power_Policy.provxml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\0__Power_Policy.provxml desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\0__Power_Policy.provxml.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.id[B4197730-0001].[costelloh@aol.com].phoenix desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.png desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user.png desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Copy c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\costelloh.exe source_filename = C:\Users\FD1HVy\AppData\Local\costelloh.exe False 1
Fn
Copy c:\programdata\microsoft\windows\start menu\programs\startup\costelloh.exe source_filename = C:\Users\FD1HVy\AppData\Local\costelloh.exe False 1
Fn
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini size = 1114368, size_out = 174 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini size = 1114368, size_out = 370 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini size = 1114368, size_out = 1476 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini size = 1114368, size_out = 85 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini size = 1114368, size_out = 2598 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini size = 1114368, size_out = 796 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini size = 1114368, size_out = 174 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini size = 1114368, size_out = 338 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.ini size = 1114368, size_out = 576 True 1
Fn
Data
Read \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini size = 1114368, size_out = 170 True 1
Fn
Data
Read \\?\C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini.id[B4197730-0001].[costelloh@aol.com].phoenix size = 1114368, size_out = 325 True 1
Fn
Data
Read \\?\C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini size = 1114368, size_out = 148 True 1
Fn
Data
Read \\?\C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini size = 1114368, size_out = 558 True 1
Fn
Data
Read \\?\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini size = 1114368, size_out = 170 True 1
Fn
Data
Read \\?\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini size = 1114368, size_out = 798 True 1
Fn
Data
Read \\?\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini size = 1114368, size_out = 568 True 1
Fn
Data
Read \\?\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini size = 1114368, size_out = 218 True 1
Fn
Data
Read \\?\C:\Users\desktop.ini size = 1114368, size_out = 174 True 1
Fn
Data
Delete \\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html - True 1
Fn
Delete \\?\C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js - True 1
Fn
For performance reasons, the remaining 4029 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (16)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 6
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 6820704, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 6820768, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 2
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 115, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 6821040, type = REG_EXPAND_SZ False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = 192, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Process (2)
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\cmd.exe os_pid = 0xd5c, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create C:\WINDOWS\system32\cmd.exe os_pid = 0xd70, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Module (28)
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x74ae0000 True 11
Fn
Get Filename - process_name = c:\users\fd1hvy\appdata\local\costelloh.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\costelloh.exe, size = 260 True 6
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x74af4ae0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x74af4b20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x74af4b40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x74af4b00 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x74af6b30 True 6
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x74af6b50 True 1
Fn
System (95)
Operation Additional Information Success Count Logfile
Sleep duration = 1000 milliseconds (1.000 seconds) True 93
Fn
Get Time type = Ticks, time = 124578 True 1
Fn
Get Info type = Operating System True 1
Fn
Mutex (53)
Operation Additional Information Success Count Logfile
Create mutex_name = Global\0001B419773001 True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773001, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 3
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 8
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 10
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 4
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 5
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 2
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Open mutex_name = Global\0001B419773000, desired_access = SYNCHRONIZE True 1
Fn
Environment (1)
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #14: cmd.exe
593 0
Information Value
ID #14
File Name c:\windows\system32\cmd.exe
Command Line "C:\WINDOWS\system32\cmd.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:33, Reason: Child Process
Unmonitor End Time: 00:04:28, Reason: Terminated by Timeout
Monitor Duration 00:00:54
OS Process Information
Information Value
PID 0xd5c
Parent PID 0xd2c (c:\users\fd1hvy\appdata\local\costelloh.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D60
0x DB4
Host Behavior
File (503)
Operation Filename Additional Information Success Count Logfile
Get Info C:\WINDOWS\system32 type = file_attributes True 1
Fn
Get Info C:\Windows\System32 type = file_attributes True 1
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 19
Fn
Get Info STD_INPUT_HANDLE type = file_type True 10
Fn
Open STD_OUTPUT_HANDLE - True 52
Fn
Open STD_INPUT_HANDLE - True 213
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 188
Fn
Data
Read STD_INPUT_HANDLE size = 1 False 1
Fn
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 7
Fn
Data
Write STD_OUTPUT_HANDLE size = 52 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 20 True 5
Fn
Data
Write STD_OUTPUT_HANDLE size = 36 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 23 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 58 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 42 True 1
Fn
Data
Registry (17)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 4, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (8)
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\vssadmin.exe os_pid = 0xdb8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\System32\Wbem\WMIC.exe os_pid = 0xde0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\system32\bcdedit.exe os_pid = 0xe48, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\system32\bcdedit.exe os_pid = 0xe58, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\WINDOWS\system32\vssadmin.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\WINDOWS\System32\Wbem\WMIC.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\WINDOWS\system32\bcdedit.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\WINDOWS\system32\bcdedit.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (4)
Operation Process Additional Information Success Count Logfile
Read C:\WINDOWS\system32\vssadmin.exe address = 83359490048, size = 1952 True 1
Fn
Data
Read C:\WINDOWS\System32\Wbem\WMIC.exe address = 698647691264, size = 1952 True 1
Fn
Data
Read C:\WINDOWS\system32\bcdedit.exe address = 4297871360, size = 1952 True 1
Fn
Data
Read C:\WINDOWS\system32\bcdedit.exe address = 938840408064, size = 1952 True 1
Fn
Data
Module (10)
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x7ff862c80000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x7ff683550000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x7ff8628a0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x7ff8628ba990 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7ff8628be830 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x7ff8628be300 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x7ff85f5b0a40 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x7ff862d256b0 True 1
Fn
System (1)
Operation Additional Information Success Count Logfile
Get Info type = Operating System True 1
Fn
Environment (48)
Operation Additional Information Success Count Logfile
Get Environment String - True 16
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 5
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 5
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 5
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Windows\System32 True 1
Fn
Set Environment String name = COPYCMD True 4
Fn
Set Environment String name = =ExitCode, value = 00000002 True 1
Fn
Set Environment String name = =ExitCodeAscii True 4
Fn
Set Environment String name = =ExitCode, value = 80041014 True 1
Fn
Set Environment String name = =ExitCode, value = 00000000 True 2
Fn
Process #15: cmd.exe
336 0
Information Value
ID #15
File Name c:\windows\system32\cmd.exe
Command Line "C:\WINDOWS\system32\cmd.exe"
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:34, Reason: Child Process
Unmonitor End Time: 00:04:18, Reason: Self Terminated
Monitor Duration 00:00:44
OS Process Information
Information Value
PID 0xd70
Parent PID 0xd2c (c:\users\fd1hvy\appdata\local\costelloh.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D74
0x DB0
Host Behavior
File (270)
Operation Filename Additional Information Success Count Logfile
Get Info C:\WINDOWS\system32 type = file_attributes True 1
Fn
Get Info C:\Windows\System32 type = file_attributes True 1
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 14
Fn
Get Info STD_INPUT_HANDLE type = file_type True 7
Fn
Open STD_OUTPUT_HANDLE - True 36
Fn
Open STD_INPUT_HANDLE - True 107
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 91
Fn
Data
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 5
Fn
Data
Write STD_OUTPUT_HANDLE size = 52 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 20 True 3
Fn
Data
Write STD_OUTPUT_HANDLE size = 47 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 39 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 5 True 1
Fn
Data
Registry (17)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 4, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (4)
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\netsh.exe os_pid = 0xdc0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\system32\netsh.exe os_pid = 0xed4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\WINDOWS\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\WINDOWS\system32\netsh.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (2)
Operation Process Additional Information Success Count Logfile
Read C:\WINDOWS\system32\netsh.exe address = 541293490176, size = 1952 True 1
Fn
Data
Read C:\WINDOWS\system32\netsh.exe address = 8885473280, size = 1952 True 1
Fn
Data
Module (10)
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x7ff862c80000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x7ff683550000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x7ff8628a0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x7ff8628ba990 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7ff8628be830 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x7ff8628be300 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x7ff85f5b0a40 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x7ff862d256b0 True 1
Fn
System (1)
Operation Additional Information Success Count Logfile
Get Info type = Operating System True 1
Fn
Environment (30)
Operation Additional Information Success Count Logfile
Get Environment String - True 10
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 3
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 3
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 3
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Windows\System32 True 1
Fn
Set Environment String name = COPYCMD True 2
Fn
Set Environment String name = =ExitCode, value = 00000000 True 2
Fn
Set Environment String name = =ExitCodeAscii True 2
Fn
Process #18: vssadmin.exe
0 0
»
Information Value
ID #18
File Name c:\windows\system32\vssadmin.exe
Command Line vssadmin delete shadows /all /quiet
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:35, Reason: Child Process
Unmonitor End Time: 00:03:37, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xdb8
Parent PID 0xd5c (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xDBC
0xDCC
0xDD4
0xDD8
0xDDC
Process #19: netsh.exe
85 0
»
Information Value
ID #19
File Name c:\windows\system32\netsh.exe
Command Line netsh advfirewall set currentprofile state off
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:35, Reason: Child Process
Unmonitor End Time: 00:04:10, Reason: Self Terminated
Monitor Duration 00:00:35
OS Process Information
»
Information Value
PID 0xdc0
Parent PID 0xd70 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xDC4
0xDC8
0xDD0
0xE6C
0xE74
0xE78
Host Behavior
File (4)
»
Operation Filename Additional Information Success Count Logfile
Open STD_OUTPUT_HANDLE - True 2
Fn
Write STD_OUTPUT_HANDLE size = 5 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 1
Fn
Data
Registry (22)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Module (49)
»
Operation Module Additional Information Success Count Logfile
Load api-ms-win-appmodel-runtime-l1-1-0.dll base_address = 0x7ff85f180000 True 1
Fn
Load IFMON.DLL base_address = 0x7ff85d5c0000 True 1
Fn
Load RASMONTR.DLL base_address = 0x7ff8509a0000 True 1
Fn
Load MSVCRT.DLL base_address = 0x7ff8602c0000 True 1
Fn
Load C:\WINDOWS\system32\MFC42LOC.DLL base_address = 0x0 False 1
Fn
Load AUTHFWCFG.DLL base_address = 0x7ff84b1b0000 True 1
Fn
Load DHCPCMONITOR.DLL base_address = 0x7ff8549a0000 True 1
Fn
Load DOT3CFG.DLL base_address = 0x7ff850a00000 True 1
Fn
Load FWCFG.DLL base_address = 0x7ff84b140000 True 1
Fn
Load HNETMON.DLL base_address = 0x7ff851200000 True 1
Fn
Load NETIOHLP.DLL base_address = 0x7ff84b100000 True 1
Fn
Load NETTRACE.DLL base_address = 0x7ff846260000 True 1
Fn
Load NSHHTTP.DLL base_address = 0x7ff850f20000 True 1
Fn
Load NSHIPSEC.DLL base_address = 0x7ff844550000 True 1
Fn
Load NSHWFP.DLL base_address = 0x7ff844490000 True 1
Fn
Load P2PNETSH.DLL base_address = 0x7ff844450000 True 1
Fn
Load RPCNSH.DLL base_address = 0x7ff8508d0000 True 1
Fn
Load WCNNETSH.DLL base_address = 0x7ff849fb0000 True 1
Fn
Load WHHELPER.DLL base_address = 0x7ff850870000 True 1
Fn
Load WLANCFG.DLL base_address = 0x7ff846570000 True 1
Fn
Load WSHELPER.DLL base_address = 0x7ff84b3e0000 True 1
Fn
Load WWANCFG.DLL base_address = 0x7ff8464c0000 True 1
Fn
Load PEERDISTSH.DLL base_address = 0x7ff846450000 True 1
Fn
Load mprmsg.dll base_address = 0x7ff84d380000 True 1
Fn
Get Handle c:\windows\system32\netsh.exe base_address = 0x7ff7b4590000 True 2
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x7ff8602c0000 True 1
Fn
Get Filename - process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\WINDOWS\system32\MFC42u.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\ifmon.dll function = InitHelperDll, address_out = 0x7ff85d5c1310 True 1
Fn
Get Address c:\windows\system32\rasmontr.dll function = InitHelperDll, address_out = 0x7ff8509b5850 True 1
Fn
Get Address c:\windows\system32\authfwcfg.dll function = InitHelperDll, address_out = 0x7ff84b1b1430 True 1
Fn
Get Address c:\windows\system32\dhcpcmonitor.dll function = InitHelperDll, address_out = 0x7ff8549a1610 True 1
Fn
Get Address c:\windows\system32\dot3cfg.dll function = InitHelperDll, address_out = 0x7ff850a01100 True 1
Fn
Get Address c:\windows\system32\fwcfg.dll function = InitHelperDll, address_out = 0x7ff84b1411f0 True 1
Fn
Get Address c:\windows\system32\hnetmon.dll function = InitHelperDll, address_out = 0x7ff851202060 True 1
Fn
Get Address c:\windows\system32\netiohlp.dll function = InitHelperDll, address_out = 0x7ff84b115f80 True 1
Fn
Get Address c:\windows\system32\nettrace.dll function = InitHelperDll, address_out = 0x7ff8462615d0 True 1
Fn
Get Address c:\windows\system32\nshhttp.dll function = InitHelperDll, address_out = 0x7ff850f210e0 True 1
Fn
Get Address c:\windows\system32\nshipsec.dll function = InitHelperDll, address_out = 0x7ff844551250 True 1
Fn
Get Address c:\windows\system32\nshwfp.dll function = InitHelperDll, address_out = 0x7ff8444910d0 True 1
Fn
Get Address c:\windows\system32\p2pnetsh.dll function = InitHelperDll, address_out = 0x7ff8444511e0 True 1
Fn
Get Address c:\windows\system32\rpcnsh.dll function = InitHelperDll, address_out = 0x7ff8508d1010 True 1
Fn
Get Address c:\windows\system32\wcnnetsh.dll function = InitHelperDll, address_out = 0x7ff849fb1680 True 1
Fn
Get Address c:\windows\system32\whhelper.dll function = InitHelperDll, address_out = 0x7ff8508714d0 True 1
Fn
Get Address c:\windows\system32\wlancfg.dll function = InitHelperDll, address_out = 0x7ff846571320 True 1
Fn
Get Address c:\windows\system32\wshelper.dll function = InitHelperDll, address_out = 0x7ff84b3e1030 True 1
Fn
Get Address c:\windows\system32\wwancfg.dll function = InitHelperDll, address_out = 0x7ff8464c11d0 True 1
Fn
Get Address c:\windows\system32\peerdistsh.dll function = InitHelperDll, address_out = 0x7ff846451220 True 1
Fn
Get Address c:\windows\system32\mprmsg.dll function = MprmsgGetErrorString, address_out = 0x7ff84d381040 True 1
Fn
System (9)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 1239, y_out = 394 True 1
Fn
Get Info type = Operating System True 6
Fn
Get Info type = System Directory, result_out = C:\WINDOWS\system32 True 1
Fn
Get Info type = Operating System True 1
Fn
Process #20: wmic.exe
162 0
»
Information Value
ID #20
File Name c:\windows\system32\wbem\wmic.exe
Command Line wmic shadowcopy delete
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:36, Reason: Child Process
Unmonitor End Time: 00:03:51, Reason: Self Terminated
Monitor Duration 00:00:14
OS Process Information
»
Information Value
PID 0xde0
Parent PID 0xd5c (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xDE4
0xDEC
0xE24
0xE28
0xE2C
Host Behavior
COM (7)
»
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F6D90F12-9C73-11D3-B32E-00C04F990BB4 2933BF95-7B36-11D2-B20E-00C04F983E60 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create EB87E1BD-3233-11D2-AEC9-00C04FB68820 EB87E1BC-3233-11D2-AEC9-00C04FB68820 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli\ms_409 True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\NQDPDE\ROOT\CIMV2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy False 1
Fn
Registry (5)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging, data = 48 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory, data = 37 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Log File Max Size, data = 54 True 1
Fn
Module (1)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\wbem\wmic.exe base_address = 0x7ff75b920000 True 1
Fn
System (3)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = NQDPDE True 1
Fn
Get Time type = Local Time, time = 2019-05-04 21:38:46 (Local Time) True 1
Fn
Get Info type = System Directory, result_out = C:\WINDOWS\system32 True 1
Fn
Process #23: bcdedit.exe
0 0
»
Information Value
ID #23
File Name c:\windows\system32\bcdedit.exe
Command Line bcdedit /set {default} bootstatuspolicy ignoreallfailures
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:51, Reason: Child Process
Unmonitor End Time: 00:03:54, Reason: Self Terminated
Monitor Duration 00:00:03
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xe48
Parent PID 0xd5c (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xE4C
0xE50
Process #24: bcdedit.exe
0 0
»
Information Value
ID #24
File Name c:\windows\system32\bcdedit.exe
Command Line bcdedit /set {default} recoveryenabled no
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:52, Reason: Child Process
Unmonitor End Time: 00:03:55, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xe58
Parent PID 0xd5c (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xE5C
0xE60
Process #25: netsh.exe
87 0
»
Information Value
ID #25
File Name c:\windows\system32\netsh.exe
Command Line netsh firewall set opmode mode=disable
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:04:10, Reason: Child Process
Unmonitor End Time: 00:04:18, Reason: Self Terminated
Monitor Duration 00:00:07
OS Process Information
»
Information Value
PID 0xed4
Parent PID 0xd70 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xED8
0xEF4
0xEF8
0xF1C
0xF24
0xF38
Host Behavior
File (6)
»
Operation Filename Additional Information Success Count Logfile
Open STD_OUTPUT_HANDLE - True 3
Fn
Write STD_OUTPUT_HANDLE size = 306 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 5 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 1
Fn
Data
Registry (22)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Enumerate Values HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Get Key Info HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh - True 1
Fn
Module (49)
»
Operation Module Additional Information Success Count Logfile
Load api-ms-win-appmodel-runtime-l1-1-0.dll base_address = 0x7ff85f180000 True 1
Fn
Load IFMON.DLL base_address = 0x7ff8549a0000 True 1
Fn
Load RASMONTR.DLL base_address = 0x7ff846850000 True 1
Fn
Load MSVCRT.DLL base_address = 0x7ff8602c0000 True 1
Fn
Load C:\WINDOWS\system32\MFC42LOC.DLL base_address = 0x0 False 1
Fn
Load AUTHFWCFG.DLL base_address = 0x7ff846700000 True 1
Fn
Load DHCPCMONITOR.DLL base_address = 0x7ff851200000 True 1
Fn
Load DOT3CFG.DLL base_address = 0x7ff850880000 True 1
Fn
Load FWCFG.DLL base_address = 0x7ff84b120000 True 1
Fn
Load HNETMON.DLL base_address = 0x7ff850f20000 True 1
Fn
Load NETIOHLP.DLL base_address = 0x7ff846360000 True 1
Fn
Load NETTRACE.DLL base_address = 0x7ff846230000 True 1
Fn
Load NSHHTTP.DLL base_address = 0x7ff850cd0000 True 1
Fn
Load NSHIPSEC.DLL base_address = 0x7ff844500000 True 1
Fn
Load NSHWFP.DLL base_address = 0x7ff843eb0000 True 1
Fn
Load P2PNETSH.DLL base_address = 0x7ff849fb0000 True 1
Fn
Load RPCNSH.DLL base_address = 0x7ff850870000 True 1
Fn
Load WCNNETSH.DLL base_address = 0x7ff8466a0000 True 1
Fn
Load WHHELPER.DLL base_address = 0x7ff84b3e0000 True 1
Fn
Load WLANCFG.DLL base_address = 0x7ff844410000 True 1
Fn
Load WSHELPER.DLL base_address = 0x7ff8466f0000 True 1
Fn
Load WWANCFG.DLL base_address = 0x7ff843e00000 True 1
Fn
Load PEERDISTSH.DLL base_address = 0x7ff843d90000 True 1
Fn
Load mprmsg.dll base_address = 0x7ff843d70000 True 1
Fn
Get Handle c:\windows\system32\netsh.exe base_address = 0x7ff7b4590000 True 2
Fn
Get Handle c:\windows\system32\msvcrt.dll base_address = 0x7ff8602c0000 True 1
Fn
Get Filename - process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\WINDOWS\system32\MFC42u.dll, size = 260 True 1
Fn
Get Address c:\windows\system32\ifmon.dll function = InitHelperDll, address_out = 0x7ff8549a1310 True 1
Fn
Get Address c:\windows\system32\rasmontr.dll function = InitHelperDll, address_out = 0x7ff846865850 True 1
Fn
Get Address c:\windows\system32\authfwcfg.dll function = InitHelperDll, address_out = 0x7ff846701430 True 1
Fn
Get Address c:\windows\system32\dhcpcmonitor.dll function = InitHelperDll, address_out = 0x7ff851201610 True 1
Fn
Get Address c:\windows\system32\dot3cfg.dll function = InitHelperDll, address_out = 0x7ff850881100 True 1
Fn
Get Address c:\windows\system32\fwcfg.dll function = InitHelperDll, address_out = 0x7ff84b1211f0 True 1
Fn
Get Address c:\windows\system32\hnetmon.dll function = InitHelperDll, address_out = 0x7ff850f22060 True 1
Fn
Get Address c:\windows\system32\netiohlp.dll function = InitHelperDll, address_out = 0x7ff846375f80 True 1
Fn
Get Address c:\windows\system32\nettrace.dll function = InitHelperDll, address_out = 0x7ff8462315d0 True 1
Fn
Get Address c:\windows\system32\nshhttp.dll function = InitHelperDll, address_out = 0x7ff850cd10e0 True 1
Fn
Get Address c:\windows\system32\nshipsec.dll function = InitHelperDll, address_out = 0x7ff844501250 True 1
Fn
Get Address c:\windows\system32\nshwfp.dll function = InitHelperDll, address_out = 0x7ff843eb10d0 True 1
Fn
Get Address c:\windows\system32\p2pnetsh.dll function = InitHelperDll, address_out = 0x7ff849fb11e0 True 1
Fn
Get Address c:\windows\system32\rpcnsh.dll function = InitHelperDll, address_out = 0x7ff850871010 True 1
Fn
Get Address c:\windows\system32\wcnnetsh.dll function = InitHelperDll, address_out = 0x7ff8466a1680 True 1
Fn
Get Address c:\windows\system32\whhelper.dll function = InitHelperDll, address_out = 0x7ff84b3e14d0 True 1
Fn
Get Address c:\windows\system32\wlancfg.dll function = InitHelperDll, address_out = 0x7ff844411320 True 1
Fn
Get Address c:\windows\system32\wshelper.dll function = InitHelperDll, address_out = 0x7ff8466f1030 True 1
Fn
Get Address c:\windows\system32\wwancfg.dll function = InitHelperDll, address_out = 0x7ff843e011d0 True 1
Fn
Get Address c:\windows\system32\peerdistsh.dll function = InitHelperDll, address_out = 0x7ff843d91220 True 1
Fn
Get Address c:\windows\system32\mprmsg.dll function = MprmsgGetErrorString, address_out = 0x7ff843d71040 True 1
Fn
System (9)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 730, y_out = 551 True 1
Fn
Get Info type = Operating System True 6
Fn
Get Info type = System Directory, result_out = C:\WINDOWS\system32 True 1
Fn
Get Info type = Operating System True 1
Fn