------------------------------------------------------------------------------ System pid: 4 \ 54: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl 74: File (R-D) C:\Windows\System32\drivers\en-US\USBXHCI.SYS.mui 7C: File (---) C:\System Volume Information\{c39af054-f0e3-11e9-9dad-ac2b6e9e25c7}{3808876b-c176-4e48-b7ae-04046e6cc752} 120: File (---) C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 130: File (R--) C:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf 13C: File (R--) C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 140: File (R--) C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000003 144: File (R--) \clfs 148: File (RWD) \clfs 150: File (RWD) C:\$Extend\$RmMetadata\$Txf 154: File (RWD) \clfs 158: File (RW-) \clfs 15C: File (RWD) \clfs 160: File (RWD) \clfs 170: File (R--) D:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 194: File (R--) C:\Windows\System32\config\TxR\{07702d1d-ff27-11e9-9db9-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms 1C4: File (---) C:\System Volume Information\{07703e32-ff27-11e9-9db9-ac2b6e9e25c7}{3808876b-c176-4e48-b7ae-04046e6cc752} 1CC: File (---) C:\Windows\System32\config\SYSTEM.LOG1 230: File (---) C:\System Volume Information\{f86bcfa1-f727-11e9-9db2-ac2b6e9e25c7}{3808876b-c176-4e48-b7ae-04046e6cc752} 234: File (R-D) C:\Windows\System32\drivers\en-US\ntfs.sys.mui 290: File (---) C:\System Volume Information\{07703e57-ff27-11e9-9db9-ac2b6e9e25c7}{3808876b-c176-4e48-b7ae-04046e6cc752} 294: File (---) C:\System Volume Information\{972c8085-fa8d-11e9-9db8-ac2b6e9e25c7}{3808876b-c176-4e48-b7ae-04046e6cc752} 29C: File (RWD) D:\$Extend\$RmMetadata\$Txf 2B4: File (---) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\Cache\57863df8f8789d4e_COM15.dat.LOG1 318: File (R--) D:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf 328: File (R--) D:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 33C: File (RWD) \clfs 348: File (RW-) \clfs 34C: File (R-D) C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 35C: File (R--) \clfs 3C4: File (RWD) \clfs 3EC: File (---) C:\Windows\appcompat\Programs\Amcache.hve 420: File (RW-) \clfs 430: File (RWD) \clfs 444: File (R-D) C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2019-11-08-09-29-56.etl 468: File (---) C:\Windows\bootstat.dat 470: File (---) C:\Windows\System32\config\SAM 484: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1 4A0: File (RWD) \clfs 4A4: File (R--) \clfs 4AC: File (RWD) \clfs 4B0: File (RWD) \clfs 4B4: File (RW-) \clfs 4C8: File (R-D) C:\ProgramData\McAfee\MCLOGS\MMSSHOST\MMSSHOST.etl.004 4CC: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl 4D0: File (---) C:\Windows\System32\config\SECURITY 4D8: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl 4DC: File (---) C:\Windows\System32\config\DEFAULT 4E0: File (---) C:\hiberfil.sys 4E4: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl 4E8: File (R-D) C:\Windows\System32\LogFiles\WMI\Microsoft-Windows-Rdp-Graphics-RdpIdd-Trace.etl 4F0: File (R-D) C:\Windows\System32\LogFiles\WMI\LwtNetLog.etl 4F4: File (---) C:\Windows\System32\config\SYSTEM 500: File (---) C:\Windows\System32\config\SYSTEM.LOG2 504: File (R--) C:\Windows\System32\config\TxR\{07702d1d-ff27-11e9-9db9-806e6f6e6963}.TM.blf 508: File (R--) C:\Windows\System32\config\TxR\{07702d1d-ff27-11e9-9db9-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms 514: File (---) C:\Windows\System32\config\SOFTWARE 518: File (---) C:\Windows\System32\config\SOFTWARE.LOG1 51C: File (---) C:\Windows\System32\config\SOFTWARE.LOG2 520: File (---) C:\Windows\System32\config\DEFAULT.LOG1 524: File (---) C:\Windows\System32\config\DEFAULT.LOG2 528: File (---) C:\Windows\System32\config\SAM.LOG1 530: File (R--) C:\Windows\System32\config\TxR\{07702d1c-ff27-11e9-9db9-806e6f6e6963}.TxR.1.regtrans-ms 534: File (---) C:\Windows\System32\config\SECURITY.LOG1 538: File (---) C:\Windows\System32\config\SECURITY.LOG2 53C: File (---) C:\Windows\System32\config\SAM.LOG2 548: File (R-D) C:\Windows\System32\LogFiles\WMI\RadioMgr.etl 54C: File (R-D) C:\Windows\System32\LogFiles\WMI\NetCore.etl 550: File (R-D) C:\Windows\System32\LogFiles\WMI\Wifi.etl 554: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl 568: File (R--) C:\Windows\System32\config\TxR\{07702d1c-ff27-11e9-9db9-806e6f6e6963}.TxR.0.regtrans-ms 570: File (R--) C:\Windows\System32\config\TxR\{07702d1c-ff27-11e9-9db9-806e6f6e6963}.TxR.blf 574: File (---) \clfs 578: File (R--) C:\Windows\System32\config\TxR\{07702d1c-ff27-11e9-9db9-806e6f6e6963}.TxR.2.regtrans-ms 57C: File (-W-) C:\swapfile.sys 590: File (R--) C:\Windows\bootstat.dat 5B8: File (R-D) C:\Windows\System32\en-US\win32kbase.sys.mui 5C4: Section \Win32kCrossSessionGlobals 5C8: File (-W-) C:\pagefile.sys 5E4: File (RW-) C:\Windows\System32\GfxValDisplayLog.bin 6BC: File (---) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 7C8: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat 8F0: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35da-49fe-11e9-aa2c-248a07783950}.TxR.blf 924: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe\ActivationStore.dat 930: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35da-49fe-11e9-aa2c-248a07783950}.TxR.1.regtrans-ms 950: File (R-D) C:\Windows\System32\SleepStudy\UserNotPresentSession.etl 970: File (RWD) \clfs 978: File (RW-) \clfs 97C: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms 984: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35da-49fe-11e9-aa2c-248a07783950}.TxR.2.regtrans-ms 990: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35da-49fe-11e9-aa2c-248a07783950}.TxR.0.regtrans-ms 994: File (---) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT 99C: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms 9B8: File (---) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 9BC: File (---) \clfs 9C4: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM.blf 9C8: File (---) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 9FC: File (---) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 A08: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{8974fb98-7db8-11e9-bdec-d49100b89f25}.TMContainer00000000000000000001.regtrans-ms A0C: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{8974fb98-7db8-11e9-bdec-d49100b89f25}.TM.blf A1C: File (---) C:\Users\ncosa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat A64: File (---) C:\Windows\System32\config\BBI A80: File (---) C:\Windows\System32\config\BBI.LOG1 A88: File (---) C:\Windows\System32\config\BBI.LOG2 AAC: File (---) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT AB0: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{8974fb98-7db8-11e9-bdec-d49100b89f25}.TMContainer00000000000000000002.regtrans-ms B60: File (R-D) C:\Windows\System32\LogFiles\CloudFiles\CldFlt3.etl C1C: File (RWD) \clfs C24: File (RW-) \clfs C30: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{8974fb97-7db8-11e9-bdec-d49100b89f25}.TxR.blf C34: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{8974fb97-7db8-11e9-bdec-d49100b89f25}.TxR.0.regtrans-ms C38: File (---) \clfs C3C: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{8974fb97-7db8-11e9-bdec-d49100b89f25}.TxR.1.regtrans-ms C40: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{8974fb97-7db8-11e9-bdec-d49100b89f25}.TxR.2.regtrans-ms D3C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.YourPhone_1.19101.469.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 DCC: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat E28: File (---) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat 1098: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 1290: File (---) \Device\Mup 1294: File (---) \Device\Mup 12D4: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\ActivationStore.dat 13B8: File (---) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat.LOG2 13BC: File (---) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat.LOG1 14F4: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 1524: File (R--) C:\Users\ncosa\NTUSER.DAT{fd9a35da-49fe-11e9-aa2c-248a07783950}.TxR.1.regtrans-ms 152C: File (R--) C:\Users\ncosa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM.blf 1530: File (RWD) \clfs 1534: File (RW-) \clfs 1538: File (R--) C:\Users\ncosa\NTUSER.DAT{fd9a35da-49fe-11e9-aa2c-248a07783950}.TxR.0.regtrans-ms 161C: File (R-D) C:\ProgramData\Microsoft\Windows\wfp\wfpdiag.etl 1624: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTWFP-IPsec Diagnostics.etl 1B44: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System Trace.etl 1BC0: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1 1C1C: File (---) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\User.dat 1C24: File (R--) C:\Users\ncosa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms 1C54: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat 1D8C: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl 1DAC: File (---) C:\Windows\appcompat\Programs\Amcache.hve.LOG1 1DB0: File (---) C:\Windows\appcompat\Programs\Amcache.hve.LOG2 1DF0: File (R--) C:\Users\ncosa\NTUSER.DAT{fd9a35da-49fe-11e9-aa2c-248a07783950}.TxR.2.regtrans-ms 1E0C: File (---) \clfs 1E14: File (R--) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat{446eb9b7-7d5b-11e9-9d73-ac2b6e9e25c7}.TxR.1.regtrans-ms 1E18: File (R--) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat{446eb9b7-7d5b-11e9-9d73-ac2b6e9e25c7}.TxR.blf 1E1C: File (R--) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat{446eb9b7-7d5b-11e9-9d73-ac2b6e9e25c7}.TxR.2.regtrans-ms 1E20: File (R--) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat{446eb9b7-7d5b-11e9-9d73-ac2b6e9e25c7}.TxR.0.regtrans-ms 1E2C: File (RW-) \clfs 1E30: File (R--) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat{446eb9b8-7d5b-11e9-9d73-ac2b6e9e25c7}.TMContainer00000000000000000002.regtrans-ms 1E34: File (RWD) \clfs 1E3C: File (---) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat.LOG2 1E40: File (---) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat.LOG1 1E44: File (R--) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat{446eb9b8-7d5b-11e9-9d73-ac2b6e9e25c7}.TMContainer00000000000000000001.regtrans-ms 1E4C: File (---) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat 1E50: File (R--) C:\Users\ncosa\AppData\Local\Microsoft\Windows\usrClass.dat{446eb9b8-7d5b-11e9-9d73-ac2b6e9e25c7}.TM.blf 1E54: File (---) \clfs 1E58: File (R--) C:\Users\ncosa\NTUSER.DAT{fd9a35da-49fe-11e9-aa2c-248a07783950}.TxR.blf 1E5C: File (---) C:\Users\ncosa\ntuser.dat.LOG2 1E60: File (---) C:\Users\ncosa\ntuser.dat.LOG1 1E70: File (---) C:\Users\ncosa\NTUSER.DAT 1E8C: File (R--) C:\Users\ncosa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms 1F54: File (R-D) C:\ProgramData\McAfee\MCLOGS\ETW\mclogs.etl 1FA4: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 2128: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 2170: File (R-D) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20191107_141046_060.etl 2180: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat 2218: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 2238: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 2260: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat.LOG2 228C: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMBAMSwissArmy.etl 2330: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2 234C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\ActivationStore.dat 23C0: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMBAMChameleon.etl 244C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 2530: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 2708: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.LOG2 2718: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1 2784: File (---) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\Cache\57863df8f8789d4e_COM15.dat 2838: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c\ActivationStore.dat 2884: File (R--) C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll 2900: File (R--) C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll 2904: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMBAMWebProtection.etl 2930: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 2948: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMBAMProtection.etl 29A0: File (---) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\UserClasses.dat.LOG2 2A10: File (---) C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe 2A48: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.449_neutral__cw5n1h2txyewy\ActivationStore.dat.LOG1 2D48: File (R-D) C:\ProgramData\McAfee\CSP\ETW\mclogs.etl 2E58: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 2EAC: File (---) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\UserClasses.dat 2EEC: File (---) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\User.dat.LOG1 2F5C: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat 2FCC: File (R--) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\Cache\57863df8f8789d4e.dat 2FDC: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 2FE8: File (RWD) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe 3124: File (---) C:\Users\ncosa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.LOG2 3200: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2 3254: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat 3288: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 32F4: File (---) C:\Users\ncosa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1 34BC: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 3578: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2 3620: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.YourPhone_1.19101.469.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 369C: File (---) C:\Users\ncosa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat 36E4: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.LOG1 36F4: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.YourPhone_1.19101.469.0_x64__8wekyb3d8bbwe\ActivationStore.dat 3714: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.449_neutral__cw5n1h2txyewy\ActivationStore.dat 3750: File (---) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\Cache\57863df8f8789d4e_COM15.dat.LOG2 3880: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 3B84: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 3BC4: File (R-D) C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-11062019-135930-7-3f-18362.1.amd64fre.19h1_release.190318-1202.etl 3C98: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 3E50: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 3E80: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1 3F60: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 3FA0: File (---) C:\System Volume Information\{6fb66043-00e0-11ea-9dbd-ac2b6e9e25c7}{3808876b-c176-4e48-b7ae-04046e6cc752} 3FE4: File (---) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\UserClasses.dat.LOG1 405C: File (---) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\User.dat.LOG2 40B0: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.LOG1 412C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.449_neutral__cw5n1h2txyewy\ActivationStore.dat.LOG2 4188: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c\ActivationStore.dat.LOG2 4218: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 435C: File (---) C:\Users\ncosa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.LOG1 462C: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2 468C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 483C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.2_2.21909.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 48D4: File (R--) C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-3643095105-563391038-1683927447-1001\SystemAppData\Helium\Cache\57863df8f8789d4e.dat 48EC: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat 491C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 4C58: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 4C68: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 4C94: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 4CCC: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 4CF8: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 4D44: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat 4E50: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.2_2.21909.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 4E84: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c\ActivationStore.dat.LOG1 4EE4: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 4EFC: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\ActivationStore.dat 4F00: File (R-D) C:\Program Files (x86)\TurboTax\Premier 2018\32bit\local\fuego\host\fonts\tt-icon-font\tt-icon-font.ttf 51C0: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 51C4: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 5348: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe\ActivationStore.dat 539C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 5410: File (---) C:\Users\ncosa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG2 54F0: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat 5624: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat 565C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 5698: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat 56B8: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 571C: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat.LOG1 57A4: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.2_2.21909.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat 57B0: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.LOG2 5818: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 58AC: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1 58D0: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG2 5B6C: File (R--) C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x64__8wekyb3d8bbwe\ActivationStore.dat ------------------------------------------------------------------------------ smss.exe pid: 500 \ 3C: File (RW-) C:\Windows ------------------------------------------------------------------------------ csrss.exe pid: 748 \ 40: File (RW-) C:\Windows\System32 88: Section \Windows\SharedSection CC: File (R-D) C:\Windows\System32\en-US\csrss.exe.mui 170: File (R-D) C:\Windows\System32\en-US\winsrv.dll.mui FB4: File (R-D) C:\Windows\System32\en-US\user32.dll.mui ------------------------------------------------------------------------------ wininit.exe pid: 832 \ 40: File (RW-) C:\Windows\System32 118: File (R-D) C:\Windows\System32\en-US\user32.dll.mui ------------------------------------------------------------------------------ services.exe pid: 904 \ 40: File (RW-) C:\Windows\System32 210: File (R-D) C:\Windows\System32\en-US\services.exe.mui ------------------------------------------------------------------------------ lsass.exe pid: 924 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 100: Section \LsaPerformance 1F0: File (R-D) C:\Windows\System32\en-US\lsasrv.dll.mui 310: Section \BaseNamedObjects\Debug.Trace.Memory.39c 440: File (RW-) C:\Windows\debug\PASSWD.LOG EE8: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 1150: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Credentials 1154: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Credentials 12BC: File (R-D) C:\Windows\System32\en-US\vaultsvc.dll.mui 1544: File (RWD) C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My 22BC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 648 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 ------------------------------------------------------------------------------ svchost.exe pid: 660 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 1B4: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 29C: Section \BaseNamedObjects\windows_shell_global_counters 32C: Section \BaseNamedObjects\__ComCatalogCache__ 37C: Section \BaseNamedObjects\RotHintTable 390: Section \BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9} 488: Section \BaseNamedObjects\__ComCatalogCache__ 6F0: Section \BaseNamedObjects\__ComCatalogCache__ 724: Section \BaseNamedObjects\__ComCatalogCache__ D04: Section \BaseNamedObjects\RotHintTable FE8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 17D4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ fontdrvhost.exe pid: 704 Font Driver Host\UMFD-0 40: File (RW-) C:\Windows\System32 ------------------------------------------------------------------------------ svchost.exe pid: 1028 NT AUTHORITY\NETWORK SERVICE 48: File (RW-) C:\Windows\System32 2AC: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 33C: Section \BaseNamedObjects\__ComCatalogCache__ 348: Section \BaseNamedObjects\__ComCatalogCache__ E30: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui F30: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 1084: File (R-D) C:\Windows\System32\en-US\netmsg.dll.mui 1334: File (R--) C:\Windows\Registration\R000000000001.clb 14C8: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 14D0: Section \BaseNamedObjects\RotHintTable ------------------------------------------------------------------------------ svchost.exe pid: 1076 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 158: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 38C: File (R-D) C:\Windows\System32\en-US\lsm.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 1292 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 2EC: File (RW-) C:\Windows\Tasks 544: Section \BaseNamedObjects\__ComCatalogCache__ 550: Section \BaseNamedObjects\__ComCatalogCache__ 554: File (R--) C:\Windows\Registration\R000000000001.clb 584: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 588: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 58C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 590: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 594: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 6BC: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 720: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 1320 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 14C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 244: Section \BaseNamedObjects\__ComCatalogCache__ 258: Section \BaseNamedObjects\__ComCatalogCache__ 404: Section \BaseNamedObjects\RotHintTable 470: File (R--) C:\Windows\Registration\R000000000001.clb 490: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 1328 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 280: Section \BaseNamedObjects\__ComCatalogCache__ 30C: Section \BaseNamedObjects\__ComCatalogCache__ 384: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 388: File (R--) C:\Windows\Registration\R000000000001.clb 3E8: Section \BaseNamedObjects\windows_shell_global_counters ------------------------------------------------------------------------------ svchost.exe pid: 1424 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ svchost.exe pid: 1460 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 24C: Section \BaseNamedObjects\__ComCatalogCache__ 2E8: Section \BaseNamedObjects\__ComCatalogCache__ 4B4: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 1908: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 1648 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 154: File (R-D) C:\Windows\System32\en-US\sysmain.dll.mui 2C0: Section \BaseNamedObjects\__ComCatalogCache__ 2D0: Section \BaseNamedObjects\__ComCatalogCache__ 394: Section \BaseNamedObjects\RotHintTable 45C: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 1656 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1DC: Section \Windows\Theme549371317 ------------------------------------------------------------------------------ svchost.exe pid: 1740 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 148: File (R--) C:\Windows\Registration\R000000000001.clb 220: Section \BaseNamedObjects\__ComCatalogCache__ 264: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ svchost.exe pid: 1744 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ svchost.exe pid: 1796 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 150: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx 16C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx 1D4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-FileHistory-Core%4WHC.evtx 1E4: File (R--) C:\Windows\System32\winevt\Logs\isaAgentLog.evtx 1F4: File (R--) C:\Windows\System32\winevt\Logs\System.evtx 208: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx 27C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx 284: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx 2D0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4Operational.evtx 2E4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx 2E8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Admin.evtx 304: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx 308: File (R--) C:\Windows\System32\winevt\Logs\Application.evtx 320: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-BindFlt%4Operational.evtx 324: File (R--) C:\Windows\System32\winevt\Logs\Security.evtx 32C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx 330: File (R--) C:\Windows\System32\winevt\Logs\HardwareEvents.evtx 33C: File (R--) C:\Windows\System32\winevt\Logs\Internet Explorer.evtx 340: File (R--) C:\Windows\System32\winevt\Logs\Hewlett-Packard.evtx 344: File (R--) C:\Windows\System32\winevt\Logs\OAlerts.evtx 348: File (R--) C:\Windows\System32\winevt\Logs\Key Management Service.evtx 34C: File (R--) C:\Windows\System32\winevt\Logs\Setup.evtx 354: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx 368: File (R--) C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx 37C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx 388: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx 38C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx 390: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Device Registration%4Admin.evtx 3A8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4WHC.evtx 3B8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx 3DC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Partition%4Diagnostic.evtx 3E4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx 3E8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx 40C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx 418: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx 41C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx 430: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx 43C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx 454: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx 45C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx 470: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel.evtx 47C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Operational.evtx 480: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Restricted.evtx 484: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx 48C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx 490: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx 494: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx 498: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx 4AC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx 4B0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WebAuthN%4Operational.evtx 4DC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Time-Service%4Operational.evtx 4E0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx 50C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx 510: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-LiveId%4Operational.evtx 514: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx 518: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx 524: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-Wcifs%4Operational.evtx 52C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBClient%4Operational.evtx 534: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx 538: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx 53C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx 540: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-UniversalTelemetryClient%4Operational.evtx 544: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Audit.evtx 548: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Security.evtx 54C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4FirewallDiagnostics.evtx 550: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx 554: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Operational.evtx 558: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Security.evtx 55C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Audit.evtx 560: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WFP%4Operational.evtx 564: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx 568: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-IKE%4Operational.evtx 56C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-VPN%4Operational.evtx 570: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx 574: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx 578: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx 57C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx 584: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-CloudStore%4Operational.evtx 588: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx 58C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx 594: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Operational.evtx 598: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx 59C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Operational.evtx 5A0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx 5A4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx 5A8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx 5AC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx 5B0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Admin.evtx 5B4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-HelloForBusiness%4Operational.evtx 5B8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx 5BC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx 5C0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Operational.evtx 5C4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4LogonTasksChannel.evtx 5C8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx 5D0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx 5D4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-ShellCommon-StartLayoutPopulation%4Operational.evtx 5D8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4AppDefaults.evtx 5E0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Mitigations%4UserMode.evtx 5E4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx 5E8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Steps-Recorder.evtx 5EC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx 5F0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx 600: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx 604: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx 610: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx 618: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync-OneDrive%4Operational.evtx 620: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync-OneDrive%4Debug.evtx 630: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx 634: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-ConnectedAccountState%4ActionCenter.evtx 65C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx 660: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx 674: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx 67C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx 684: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-ManagementAgent%4WHC.evtx 69C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx 6A4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WorkFolders%4WHC.evtx 6AC: File (R--) C:\Windows\System32\winevt\Logs\microsoft-windows-diagnosis-scripted%4operational.evtx 6B0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Health.evtx 6B4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx 6B8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-TWinUI%4Operational.evtx 6BC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Provisioning-Diagnostics-Provider%4Admin.evtx 6C0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx 6C8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx 6CC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx 6D0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PCW%4Operational.evtx 6D4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx 6D8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Provisioning-Diagnostics-Provider%4AutoPilot.evtx 6E4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4CaptureMonitor.evtx 6F8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Biometrics%4Operational.evtx 6FC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Operational.evtx 700: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4PlaybackManager.evtx 708: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Provisioning-Diagnostics-Provider%4ManagementService.evtx 70C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storsvc%4Diagnostic.evtx 710: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-LessPrivilegedAppContainer%4Operational.evtx 714: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4Operational.evtx 738: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-ClassPnP%4Operational.evtx 76C: File (R-D) C:\Windows\System32\en-US\wevtapi.dll.mui 7AC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx 7E4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-PackageStateRoaming%4Operational.evtx ------------------------------------------------------------------------------ svchost.exe pid: 1764 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 13C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 240: Section \BaseNamedObjects\__ComCatalogCache__ 24C: Section \BaseNamedObjects\__ComCatalogCache__ 2AC: Section \BaseNamedObjects\RotHintTable 2FC: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 1772 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 284: Section \BaseNamedObjects\__ComCatalogCache__ 2D8: Section \BaseNamedObjects\__ComCatalogCache__ 428: Section \BaseNamedObjects\RotHintTable 444: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 1780 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1DC: Section \BaseNamedObjects\__ComCatalogCache__ 234: Section \BaseNamedObjects\__ComCatalogCache__ 25C: File (R-D) C:\Windows\System32\es.dll 284: File (R-D) C:\Windows\System32\stdole2.tlb 378: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 1788 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 148: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 2A0: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ svchost.exe pid: 1268 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 140: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1AC: Section \BaseNamedObjects\SENS Information Cache 240: Section \BaseNamedObjects\__ComCatalogCache__ 24C: Section \BaseNamedObjects\__ComCatalogCache__ 3B0: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ igfxCUIService.exe pid: 2104 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 208: Section \BaseNamedObjects\__ComCatalogCache__ 23C: File (R--) C:\Windows\Registration\R000000000001.clb 260: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ svchost.exe pid: 2168 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1F0: Section \BaseNamedObjects\__ComCatalogCache__ 220: Section \BaseNamedObjects\__ComCatalogCache__ 224: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 2188 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1A4: File (RWD) C:\Windows\Fonts 1A8: File (RWD) C:\Program Files (x86)\TurboTax\Premier 2018\32bit\local\fuego\host\fonts 1E4: File (RWD) C:\Program Files (x86)\TurboTax\Premier 2018\32bit\local\fuego\host\fonts\tt-icon-font 1E8: File (RWD) C:\Program Files (x86)\TurboTax\Premier 2018\32bit\local\fuego\host\fonts\font-awesome-fonts 1F0: File (RWD) C:\Program Files (x86)\TurboTax\Premier 2018\32bit\local\fuego\host\fonts\Avenir 1F4: File (R-D) C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-FontFace.dat 2C8: File (R-D) C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-System.dat 554: File (R-D) C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-S-1-5-21-3643095105-563391038-1683927447-1001.dat 5A0: File (R-D) C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-FontSet-S-1-5-21-3643095105-563391038-1683927447-1001.dat ------------------------------------------------------------------------------ svchost.exe pid: 2204 NT AUTHORITY\SYSTEM 50: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1B8: Section \BaseNamedObjects\__ComCatalogCache__ 1EC: Section \BaseNamedObjects\__ComCatalogCache__ 2C8: File (R-D) C:\Windows\System32\en-US\MMDevAPI.dll.mui 378: File (R-D) C:\Windows\System32\en-US\AudioEndpointBuilder.dll.mui 384: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 2196 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ svchost.exe pid: 2316 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ svchost.exe pid: 2392 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ svchost.exe pid: 2448 NT AUTHORITY\NETWORK SERVICE 4C: File (RW-) C:\Windows\System32 128: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 694: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 6B8: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 714: File (R-D) C:\Windows\System32\en-US\wshqos.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 2480 NT AUTHORITY\NETWORK SERVICE 4C: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 228: File (RWD) C:\Windows\System32\drivers\etc ------------------------------------------------------------------------------ svchost.exe pid: 2544 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 14C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 224: Section \BaseNamedObjects\__ComCatalogCache__ 230: Section \BaseNamedObjects\__ComCatalogCache__ 30C: Section \BaseNamedObjects\windows_shell_global_counters 358: File (--D) C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat 4AC: Section \BaseNamedObjects\RotHintTable 5F8: File (--D) C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\S-1-5-21-3643095105-563391038-1683927447-1001_S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Geofence.dat 610: File (--D) C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\S-1-5-18_NonPackagedApp\Geofence.dat 73C: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 2604 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 230: Section \BaseNamedObjects\__ComCatalogCache__ 244: File (R-D) C:\Windows\System32\en-US\netprofmsvc.dll.mui 318: Section \BaseNamedObjects\__ComCatalogCache__ 714: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 14A4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 2724 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1F0: Section \BaseNamedObjects\__ComCatalogCache__ 210: Section \BaseNamedObjects\__ComCatalogCache__ 334: Section \BaseNamedObjects\mmGlobalPnpInfo 440: File (R-D) C:\Windows\System32\en-US\AudioSrv.dll.mui 630: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ RtkAudioService64.exe pid: 2756 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 26C: Section \BaseNamedObjects\windows_shell_global_counters ------------------------------------------------------------------------------ svchost.exe pid: 2888 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1F4: Section \BaseNamedObjects\__ComCatalogCache__ 234: File (RW-) C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal 2D4: File (RW-) C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm 31C: Section \BaseNamedObjects\__ComCatalogCache__ 370: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 3A0: File (RW-) C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd 604: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 2912 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ svchost.exe pid: 2908 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 140: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 324: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 338: Section \BaseNamedObjects\__ComCatalogCache__ 344: Section \BaseNamedObjects\__ComCatalogCache__ 348: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 2084 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1C4: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 ------------------------------------------------------------------------------ svchost.exe pid: 2652 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 2A4: Section \BaseNamedObjects\__ComCatalogCache__ 2B0: Section \BaseNamedObjects\__ComCatalogCache__ 2D0: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 62C: Section \BaseNamedObjects\windows_shell_global_counters 820: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 3112 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 200: Section \BaseNamedObjects\__ComCatalogCache__ 308: Section \BaseNamedObjects\__ComCatalogCache__ 38C: Section \BaseNamedObjects\RotHintTable 4D0: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ wlanext.exe pid: 3184 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 B8: File (R-D) C:\Windows\System32\en-US\wlanext.exe.mui 168: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 330: Section \BaseNamedObjects\{8A7ECA6A-FA03-4578-9037-A970D4F60B18} 344: Section \BaseNamedObjects\windows_shell_global_counters 348: Section \BaseNamedObjects\IWMSProvSharedMemory 38C: Section \BaseNamedObjects\FloresvilleIWMSInterface_Vista 42C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 4C8: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 6D0: Section \BaseNamedObjects\__ComCatalogCache__ 6DC: Section \BaseNamedObjects\__ComCatalogCache__ 6E4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ conhost.exe pid: 3192 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows 74: File (R-D) C:\Windows\System32\en-US\Conhost.exe.mui ------------------------------------------------------------------------------ spoolsv.exe pid: 3276 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 A8: File (R-D) C:\Windows\System32\en-US\spoolsv.exe.mui 3B0: File (R-D) C:\Windows\System32\en-US\localspl.dll.mui 3F4: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 404: File (RWD) C:\Windows\System32\spool\drivers\x64\PCC 414: File (RWD) C:\Windows\System32\spool\drivers\x64\PCC 5A8: File (R-D) C:\Windows\System32\en-US\APMon.dll.mui 5B8: Section \BaseNamedObjects\__ComCatalogCache__ 5C8: Section \BaseNamedObjects\__ComCatalogCache__ 5EC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 6A4: File (R-D) C:\Windows\System32\en-US\win32spl.dll.mui 6BC: File (R-D) C:\Windows\System32\en-US\FXSRESM.dll.mui 6DC: File (R-D) C:\Windows\System32\en-US\inetpp.dll.mui 760: File (RWD) C:\Windows\System32\spool\drivers\x64\PCC 768: File (RWD) C:\Windows\System32\spool\drivers\x64\PCC 7A8: File (R-D) C:\Windows\System32\en-US\usbmon.dll.mui 7B0: File (RWD) C:\Windows\System32\spool\drivers\W32X86\PCC 7CC: File (RWD) C:\Windows\System32\spool\drivers\x64\PCC 7D4: File (RWD) C:\Windows\System32\spool\drivers\x64\PCC 7EC: File (RWD) C:\Windows\System32\spool\drivers\W32X86\PCC 844: File (R--) C:\Windows\System32\spool\V4Dirs\5E9570B2-A5A4-4EC7-B646-FC6DDB4C9575\d41f72f0.BUD 890: File (R-D) C:\Windows\System32\usbmon.dll 914: File (R--) C:\Windows\Registration\R000000000001.clb 944: File (R-D) C:\Windows\System32\stdole2.tlb 9FC: File (R-D) C:\Windows\System32\en-US\combase.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 3360 NT AUTHORITY\LOCAL SERVICE 40: File (RW-) C:\Windows\System32 13C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1D4: File (R-D) C:\Windows\System32\en-US\bfe.dll.mui 380: File (R-D) C:\Windows\System32\en-US\FirewallAPI.dll.mui 66C: Section \BaseNamedObjects\__ComCatalogCache__ 6AC: Section \BaseNamedObjects\__ComCatalogCache__ 6B0: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 3416 NT AUTHORITY\NETWORK SERVICE 4C: File (RW-) C:\Windows\System32 11C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1D0: File (---) \Device\Mup 1F4: File (---) \Device\Mup 2BC: File (R--) C:\Windows\Registration\R000000000001.clb 2F4: Section \BaseNamedObjects\__ComCatalogCache__ 300: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ svchost.exe pid: 3772 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ svchost.exe pid: 3780 NT AUTHORITY\NETWORK SERVICE 48: File (RW-) C:\Windows\System32 224: Section \BaseNamedObjects\__ComCatalogCache__ 2A4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 3904 NT AUTHORITY\SYSTEM 4C: File (RW-) C:\Windows\System32 17C: File (R--) C:\Windows\Registration\R000000000001.clb 1F4: File (R-D) C:\Windows\System32\en-US\vsstrace.dll.mui 224: Section \BaseNamedObjects\__ComCatalogCache__ 230: Section \BaseNamedObjects\__ComCatalogCache__ 270: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 2AC: File (RWD) C:\Windows\System32\inetsrv\config 2BC: File (RWD) C:\Windows\System32\inetsrv\config\schema 2D8: File (RWD) C:\Windows\System32\inetsrv\config\schema 2E8: File (RWD) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config 2F0: File (RWD) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config 2F4: File (RWD) C:\Windows\System32\inetsrv\config 2F8: File (RWD) C:\Windows\System32\inetsrv\config ------------------------------------------------------------------------------ EvtEng.exe pid: 3912 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 14C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 1C4: Section \BaseNamedObjects\windows_shell_global_counters 2B8: Section \BaseNamedObjects\__ComCatalogCache__ 360: Section \BaseNamedObjects\__ComCatalogCache__ 4AC: File (R--) C:\Program Files\Intel\WiFi\UnifiedLogging\MurocLog.log 4F8: File (RWD) C:\Program Files\Intel\WiFi\AutoImport 500: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ IRMTService.exe pid: 3968 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 74: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 278: Section \BaseNamedObjects\windows_shell_global_counters 27C: File (RW-) C:\ProgramData\Intel\iRMT\IRMTLog.txt 284: File (RW-) C:\ProgramData\Intel\iRMT\IRMTLog.txt 2D8: File (R--) C:\Windows\Registration\R000000000001.clb 33C: Section \BaseNamedObjects\__ComCatalogCache__ 348: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ ModuleCoreService.exe pid: 3936 NT AUTHORITY\SYSTEM ------------------------------------------------------------------------------ svchost.exe pid: 3960 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 13C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1B4: Section \BaseNamedObjects\__ComCatalogCache__ 1C0: Section \BaseNamedObjects\__ComCatalogCache__ 2E8: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 31C: File (R--) C:\Windows\Registration\R000000000001.clb 35C: File (---) \Device\Mup ------------------------------------------------------------------------------ svchost.exe pid: 3944 NT AUTHORITY\NETWORK SERVICE 48: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1D8: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 1E0: File (RWD) C:\Windows\System32\CatRoot 21C: File (R-D) C:\Windows\System32\en-US\vsstrace.dll.mui 23C: Section \BaseNamedObjects\__ComCatalogCache__ 248: Section \BaseNamedObjects\__ComCatalogCache__ 2EC: File (---) C:\Windows\System32\catroot2\edb.log 308: File (---) C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm 33C: File (---) C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 34C: File (---) C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm 350: File (---) C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 35C: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 3BC: File (RWD) C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 434: File (R-D) C:\Windows\System32\en-US\winhttp.dll.mui 48C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\AC\Microsoft\CryptnetUrlCache\MetaData 508: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 58C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData 5C0: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 5D4: File (R--) C:\Windows\Registration\R000000000001.clb 60C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData 610: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData 720: File (RWD) C:\Users\ncosa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 744: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData 760: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData 798: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData 7DC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData A40: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData A44: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData AEC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData ------------------------------------------------------------------------------ ibtsiva.exe pid: 3952 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 ------------------------------------------------------------------------------ mfemms.exe pid: 3976 \ ------------------------------------------------------------------------------ mDNSResponder.exe pid: 3984 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 ------------------------------------------------------------------------------ IntelCpHDCPSvc.exe pid: 3996 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 228: Section \BaseNamedObjects\__ComCatalogCache__ 238: Section \BaseNamedObjects\__ComCatalogCache__ 2A4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 4008 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 2B4: File (RW-) C:\ProgramData\Microsoft\Diagnosis\EventStore.db-shm 2DC: File (RW-) C:\ProgramData\Microsoft\Diagnosis\EventStore.db 2F4: File (RW-) C:\ProgramData\Microsoft\Diagnosis\EventStore.db-wal 3E8: Section \BaseNamedObjects\__ComCatalogCache__ 3F8: Section \BaseNamedObjects\__ComCatalogCache__ 46C: File (RW-) C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db 470: File (RW-) C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db-wal 474: File (RW-) C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db-shm 528: File (RW-) C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db-wal 530: File (RW-) C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db-shm 534: File (RW-) C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db 580: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 614: File (RWD) C:\ProgramData\Microsoft\Diagnosis\Sideload 638: File (R-D) C:\Windows\System32\en-US\webservices.dll.mui 6F4: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 704: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 828: File (R-D) C:\Windows\System32\en-US\Windows.Web.dll.mui 8C8: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui BC4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 4016 NT AUTHORITY\SYSTEM 10: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1CC: File (RWD) C:\Windows\System32\wbem\MOF 20C: Section \BaseNamedObjects\__ComCatalogCache__ 26C: Section \BaseNamedObjects\__ComCatalogCache__ 28C: File (R-D) C:\Windows\System32\en-US\vsstrace.dll.mui 36C: File (R--) C:\Windows\System32\wbem\Repository\MAPPING1.MAP 370: File (R--) C:\Windows\System32\wbem\Repository\MAPPING2.MAP 374: File (R--) C:\Windows\System32\wbem\Repository\MAPPING3.MAP 378: File (R--) C:\Windows\System32\wbem\Repository\OBJECTS.DATA 37C: File (R--) C:\Windows\System32\wbem\Repository\INDEX.BTR 43C: Section \BaseNamedObjects\Wmi Provider Sub System Counters 84C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui A28: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 4092 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 338: Section \BaseNamedObjects\__ComCatalogCache__ 344: Section \BaseNamedObjects\__ComCatalogCache__ 348: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ PEFService.exe pid: 2444 NT AUTHORITY\SYSTEM ------------------------------------------------------------------------------ OfficeClickToRun.exe pid: 2552 NT AUTHORITY\SYSTEM 298: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 2E4: Section \BaseNamedObjects\windows_shell_global_counters 30C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 380: File (R--) C:\Windows\Temp\officeclicktorun.exe_streamserver(201911061358049F8).log 3A4: File (RW-) C:\Program Files\Common Files\microsoft shared\ClickToRun 40C: File (R--) C:\Windows\Temp\DESKTOP-H6803IC-20191106-1358.log 51C: Section \BaseNamedObjects\__ComCatalogCache__ 538: Section \BaseNamedObjects\__ComCatalogCache__ 5A8: File (RW-) C:\Windows\Temp\mat-debug-2552.log 6F0: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 6F4: File (RW-) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db 6F8: File (RW-) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal 6FC: File (RW-) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm 720: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 7D4: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 7DC: Section \BaseNamedObjects\UrlZonesSM_DESKTOP-H6803IC$ 974: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui A14: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui C74: File (R--) C:\Windows\Registration\R000000000001.clb DF4: File (RW-) C:\Program Files\Common Files\microsoft shared\ClickToRun ------------------------------------------------------------------------------ svchost.exe pid: 3560 NT AUTHORITY\NETWORK SERVICE 48: File (RW-) C:\Windows\System32 128: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 370: File (R-D) C:\Windows\System32\en-US\hidphone.tsp.mui ------------------------------------------------------------------------------ RegSrvc.exe pid: 3744 NT AUTHORITY\SYSTEM 8: File (RW-) C:\Windows\System32 7C: Section \BaseNamedObjects\windows_shell_global_counters 1FC: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 2A0: Section \BaseNamedObjects\__ComCatalogCache__ 2E8: Section \BaseNamedObjects\__ComCatalogCache__ 3A0: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ RichVideo64.exe pid: 4136 NT AUTHORITY\SYSTEM 44: File (RW-) C:\Windows\System32 70: File (RW-) C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9619_none_08e065a3a84109b0 22C: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ svchost.exe pid: 4148 NT AUTHORITY\LOCAL SERVICE 4C: File (RW-) C:\Windows\System32 E0: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 188: File (RW-) C:\Windows\debug\WIA\wiatrace.log 244: Section \BaseNamedObjects\__ComCatalogCache__ 2D4: Section \BaseNamedObjects\__ComCatalogCache__ 4A8: Section \BaseNamedObjects\windows_shell_global_counters 540: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 55C: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 4180 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 148: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1C4: File (RWD) D:\$Extend\$ObjId:$O:$INDEX_ALLOCATION 200: File (RWD) C:\$Extend\$ObjId:$O:$INDEX_ALLOCATION 224: File (R--) C:\System Volume Information\tracking.log 250: File (R--) D:\System Volume Information\tracking.log ------------------------------------------------------------------------------ svchost.exe pid: 4204 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 210: File (R-D) C:\Windows\System32\en-US\w32time.dll.mui 380: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ ZeroConfigService.exe pid: 4292 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 70: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 2C8: Section \BaseNamedObjects\__ComCatalogCache__ 304: Section \BaseNamedObjects\windows_shell_global_counters 32C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 3AC: Section \BaseNamedObjects\__ComCatalogCache__ 4E8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 758: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 4308 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1DC: Section \BaseNamedObjects\__ComCatalogCache__ 1F8: Section \BaseNamedObjects\__ComCatalogCache__ 5F8: File (RW-) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db 5FC: File (RW-) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-wal 600: File (RW-) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-shm 648: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 7D4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 4412 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ svchost.exe pid: 4696 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ svchost.exe pid: 4776 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 390: Section \BaseNamedObjects\__ComCatalogCache__ 39C: Section \BaseNamedObjects\__ComCatalogCache__ 4DC: File (R-D) C:\Windows\System32\en-US\iphlpsvc.dll.mui 700: File (R-D) C:\Windows\System32\en-US\wldap32.dll.mui 94C: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ MBAMService.exe pid: 4792 \ 40: File (RW-) C:\Windows\System32 318: Section \BaseNamedObjects\__ComCatalogCache__ 3C8: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 3DC: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui 428: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 464: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 4D8: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 4EC: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 534: Section \BaseNamedObjects\__ComCatalogCache__ 664: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 6CC: File (RWD) C:\ProgramData\Malwarebytes\MBAMService\ArwDetections 6DC: File (RWD) C:\ProgramData\Malwarebytes\MBAMService\ScanResults 704: File (RWD) C:\ProgramData\Malwarebytes\MBAMService\RtpDetections 70C: File (RWD) C:\ProgramData\Malwarebytes\MBAMService\AeDetections 710: File (RWD) C:\ProgramData\Malwarebytes\MBAMService\MwacDetections 8B4: File (R-D) C:\Windows\System32\en-US\setupapi.dll.mui 90C: Section \BaseNamedObjects\windows_shell_global_counters 9AC: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 9E0: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe DD0: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 1010: File (---) \FileSystem\Filters\FltMgrMsg 1080: Section \BaseNamedObjects\UrlZonesSM_DESKTOP-H6803IC$ 10BC: File (RW-) C:\ProgramData\Malwarebytes\MBAMService\ARW\ARWFI.dat 22A4: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 22AC: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 22B4: File (R-D) C:\Windows\System32\stdole2.tlb 22C0: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 22C4: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 22CC: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 22D4: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 22D8: File (R-D) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe 2318: File (---) \FileSystem\Filters\FltMgrMsg 2328: File (R--) C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG 25A0: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 25D8: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 2654: File (RWD) C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My 29EC: File (R--) C:\Windows\Registration\R000000000001.clb 2A80: File (R--) C:\ProgramData\Malwarebytes\MBAMService\ARW\mbarwind.arw ------------------------------------------------------------------------------ IntelCpHeciSvc.exe pid: 4828 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 11C: File (RW-) C:\Intel\Logs\IntelCPHS.log 1DC: Section \BaseNamedObjects\__ComCatalogCache__ 228: Section \BaseNamedObjects\__ComCatalogCache__ 22C: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 5076 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 328: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 5B8: Section \BaseNamedObjects\__ComCatalogCache__ 5D0: Section \BaseNamedObjects\__ComCatalogCache__ 6CC: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ MMSSHOST.exe pid: 5432 NT AUTHORITY\SYSTEM ------------------------------------------------------------------------------ mfevtps.exe pid: 5528 \ ------------------------------------------------------------------------------ ProtectedModuleHost.exe pid: 5684 \ ------------------------------------------------------------------------------ mfefire.exe pid: 596 NT AUTHORITY\SYSTEM ------------------------------------------------------------------------------ unsecapp.exe pid: 6380 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 190: Section \BaseNamedObjects\__ComCatalogCache__ 1EC: Section \BaseNamedObjects\__ComCatalogCache__ 1F0: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ WmiPrvSE.exe pid: 6512 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 174: File (R-D) C:\Windows\System32\en-US\user32.dll.mui 1B0: Section \BaseNamedObjects\Wmi Provider Sub System Counters 1E0: Section \BaseNamedObjects\__ComCatalogCache__ 1EC: Section \BaseNamedObjects\__ComCatalogCache__ 33C: Section \BaseNamedObjects\windows_shell_global_counters 36C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 37C: Section \BaseNamedObjects\IWMSProvSharedMemory 3DC: File (R--) C:\Windows\Registration\R000000000001.clb 40C: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 420: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 7092 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 228: Section \BaseNamedObjects\__ComCatalogCache__ 250: Section \BaseNamedObjects\__ComCatalogCache__ 48C: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 558: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 658: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ PresentationFontCache.exe pid: 7188 NT AUTHORITY\LOCAL SERVICE 40: File (RW-) C:\Windows\System32 14C: Section \BaseNamedObjects\Cor_Private_IPCBlock_7188 150: File (RW-) C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9659_none_88dfc6bf2faefcc6 160: Section \BaseNamedObjects\Cor_Public_IPCBlock_7188 224: Section \BaseNamedObjects\windows_shell_global_counters 28C: File (R--) C:\Windows\assembly\NativeImages_v2.0.50727_64\indexcd.dat 2C0: File (RW-) C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9659_none_88dfc6bf2faefcc6 2F4: File (R--) C:\Windows\assembly\pubpol180.dat 304: File (RW-) C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9659_none_88dfc6bf2faefcc6 308: Section \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 394: Section \BaseNamedObjects\Font Cache Mapping 3a71d7d1-583e-40f4-a50f-5afc8f92585f 3B4: File (R-D) C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp 3BC: File (R-D) C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp ------------------------------------------------------------------------------ svchost.exe pid: 7212 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 24C: Section \BaseNamedObjects\__ComCatalogCache__ 2AC: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 2B0: Section \BaseNamedObjects\__ComCatalogCache__ 414: Section \BaseNamedObjects\RotHintTable 430: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 45C: Section \BaseNamedObjects\windows_shell_global_counters 5FC: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 654: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 704: File (R--) C:\Windows\Registration\R000000000001.clb 7D8: File (R-D) C:\Windows\System32\en-US\ole32.dll.mui 7E8: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 ------------------------------------------------------------------------------ dllhost.exe pid: 7344 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 11C: Section \BaseNamedObjects\__ComCatalogCache__ 128: Section \BaseNamedObjects\__ComCatalogCache__ 248: Section \BaseNamedObjects\windows_shell_global_counters 288: File (---) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\WebCacheLock.dat 2AC: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 2B4: File (---) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\WebCache\V01.log 2C0: File (---) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat 2C4: File (---) C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm 318: Section \BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-18 374: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 7564 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 344: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 7684 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1FC: Section \BaseNamedObjects\__ComCatalogCache__ 208: Section \BaseNamedObjects\__ComCatalogCache__ 240: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 334: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ SearchIndexer.exe pid: 7728 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 168: File (R-D) C:\Windows\System32\en-US\SearchIndexer.exe.mui 1A4: Section \BaseNamedObjects\windows_shell_global_counters 298: Section \BaseNamedObjects\UGATHERER 29C: Section \BaseNamedObjects\UGathererObj 2CC: Section \BaseNamedObjects\UGTHRSVC 2D0: Section \BaseNamedObjects\UGthrSvcObj 2D4: Section \BaseNamedObjects\__ComCatalogCache__ 2E4: Section \BaseNamedObjects\__ComCatalogCache__ 378: Section \BaseNamedObjects\IDA0: ESENT Performance Data Schema Version 293 3C4: Section \BaseNamedObjects\GDA: ESENT Performance Data Schema Version 293 414: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 434: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb 458: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm 5D0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 5E8: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 5EC: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 5F0: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 5F4: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 5F8: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 5FC: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 600: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{8BC184F0-7F0A-4E2F-8A13-948E71624034}.2.ver0x0000000000000007.db 604: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 608: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{0A9A6C4D-61A2-414F-BD29-F4B302EADF18}.2.ver0x0000000000000011.db 60C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 610: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{A2B390DB-591D-45A2-B5E0-C596F673B149}.2.ver0x0000000000000011.db 614: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 618: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{41EA03C8-52A0-4F19-AB0A-A535848FC398}.2.ver0x0000000000000011.db 620: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{214D0F48-B8D5-4C5A-80D1-7F2946E2591F}.2.ver0x0000000000000002.db 624: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 628: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{2DCF3D9C-2B9C-4E66-A332-61CE0EA6BFE4}.2.ver0x0000000000000002.db 62C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 630: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{CCE773BB-3B36-43B4-8B73-25F3BAB65AE4}.2.ver0x0000000000000002.db 798: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx 96C: File (R--) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.395.Crwl 988: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 99C: File (R-D) C:\Windows\SystemResources\tquery.dll.mun 9A8: Section \BaseNamedObjects\WSearchIdxPi 9AC: Section \BaseNamedObjects\WseIdxPm A60: File (R-D) C:\Windows\System32\en-US\vsstrace.dll.mui AA0: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx B74: Section \BaseNamedObjects\windows_shell_global_counters BCC: File (R-D) C:\Windows\System32\en-US\tquery.dll.mui C08: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui D04: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro E10: File (R--) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.395.gthr E14: File (R-D) C:\Windows\System32\en-US\winhttp.dll.mui E80: File (R--) C:\Windows\Registration\R000000000001.clb F98: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui FF8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 7876 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1D8: File (R--) C:\Windows\Registration\R000000000001.clb 1FC: Section \BaseNamedObjects\__ComCatalogCache__ 27C: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ mcapexe.exe pid: 8476 NT AUTHORITY\SYSTEM ------------------------------------------------------------------------------ MfeAVSvc.exe pid: 9056 NT AUTHORITY\SYSTEM ------------------------------------------------------------------------------ McCSPServiceHost.exe pid: 8832 NT AUTHORITY\SYSTEM ------------------------------------------------------------------------------ mcshield.exe pid: 9024 NT AUTHORITY\SYSTEM ------------------------------------------------------------------------------ svchost.exe pid: 9652 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1D8: Section \BaseNamedObjects\__ComCatalogCache__ 23C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 294: Section \BaseNamedObjects\__ComCatalogCache__ 3CC: File (R--) C:\Windows\Registration\R000000000001.clb 43C: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 4F0: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 654: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 65C: File (R-D) C:\Windows\System32\en-US\netmsg.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 7536 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ SecurityHealthService.exe pid: 11720 \ 40: File (RW-) C:\Windows\System32 250: Section \BaseNamedObjects\__ComCatalogCache__ 32C: Section \BaseNamedObjects\__ComCatalogCache__ 598: Section \BaseNamedObjects\UrlZonesSM_DESKTOP-H6803IC$ 608: File (R-D) C:\Windows\System32\en-US\wscapi.dll.mui 6B0: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ GoogleCrashHandler.exe pid: 12072 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows 84: File (RW-) C:\Program Files (x86)\Google\Update\1.3.35.342 B4: Section \BaseNamedObjects\windows_shell_global_counters ------------------------------------------------------------------------------ GoogleCrashHandler64.exe pid: 12140 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Program Files (x86)\Google\Update\1.3.35.342 1DC: Section \BaseNamedObjects\windows_shell_global_counters ------------------------------------------------------------------------------ svchost.exe pid: 12260 \ 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 240: Section \BaseNamedObjects\__ComCatalogCache__ 280: Section \BaseNamedObjects\__ComCatalogCache__ 284: File (R--) C:\Windows\Registration\R000000000001.clb 328: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui ------------------------------------------------------------------------------ HPSupportSolutionsFrameworkService.exe pid: 4348 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 174: Section \BaseNamedObjects\Cor_Private_IPCBlock_v4_4348 178: Section \...\Cor_SxSPublic_IPCBlock 284: File (R--) C:\Windows\assembly\pubpol180.dat 298: File (R-D) C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Common\8.0.0.0__41bdec5abf54f6dc\HP.SupportFramework.Common.dll 320: Section \BaseNamedObjects\windows_shell_global_counters 3AC: File (R-D) C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.ServiceManager\8.0.0.0__afd7346f05a57c11\HP.SupportFramework.ServiceManager.dll 3D8: Section \BaseNamedObjects\net.pipe:EbmV0LnBpcGU6Ly8rL0hQU1VQUE9SVFNPTFVUSU9OU0ZSQU1FV09SSy9IUFNBLw== 59C: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\CommunicationObjects.dll 5E8: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\DiscoveryMethodSlpMulticast.dll 630: Section \BaseNamedObjects\__ComCatalogCache__ 640: Section \BaseNamedObjects\__ComCatalogCache__ 6DC: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll 75C: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 78C: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\DiscoveryMethodWS.dll 79C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 7CC: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\DiscoveryObjects.dll 844: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\DetectionInterop.dll 8B8: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\DiscoveryLibrary.dll 8F4: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 900: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\DiscoveryManager.dll 914: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\Core.dll 924: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\MoabResolvers.dll 960: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\Discovery.dll 980: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\SUDF\HP.SUDFClient.dll 9D0: Section \BaseNamedObjects\UrlZonesSM_DESKTOP-H6803IC$ 9FC: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\CommunicationWS.dll A00: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\CommunicationSnmp.dll A3C: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\EAPDiscoveryInterface.dll AAC: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\DiscoveryMethodBroadcast.dll BA8: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\DiscoveryResolverManager.dll D38: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\MoabObjects.dll D3C: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\CommunicationCredentials.dll EE0: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\NetToolWorks.Snmp.dll F40: Section \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 F6C: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe FBC: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HP.SSF.Controllers.Pit.dll FF8: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\FusionHarvester.dll FFC: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HP.SSF.Common.dll 1038: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 10B0: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 1150: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\IdfController.dll 1154: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HP.SSF.Controllers.IdfClient.dll 117C: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\IdfSoftware.Common.dll 1188: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\IdfSoftware.Builders.dll 1198: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 119C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 11A0: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 11A4: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\IdfSoftware.Parsers.dll 11A8: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\IdfSoftware.Harvesters.dll 11AC: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 11C4: File (R-D) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\IdfSoftware.Contracts.dll 11D0: Section \BaseNamedObjects\windows_shell_global_counters 1270: File (R--) C:\Windows\Registration\R000000000001.clb 133C: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui ------------------------------------------------------------------------------ IntuitUpdateService.exe pid: 11932 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows 84: File (RW-) C:\Windows\SysWOW64 F8: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\v4.0_4.5.5.1__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll 1C8: Section \BaseNamedObjects\Cor_Private_IPCBlock_v4_11932 1CC: Section \...\Cor_SxSPublic_IPCBlock 2D4: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll 304: File (R--) C:\Windows\assembly\pubpol180.dat 380: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll 3EC: Section \BaseNamedObjects\windows_shell_global_counters 3F0: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 418: File (R--) C:\Windows\assembly\pubpol180.dat 41C: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.Client.Common\v4.0_4.5.5.1__3ff6b78e2989595a\Intuit.Spc.Esd.Client.Common.dll 424: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\v4.0_4.5.5.1__3ff6b78e2989595a\Intuit.Spc.Esd.Core.dll 42C: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\v4.0_4.5.5.1__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll 460: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll 478: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.WinClient.Api.Net\v4.0_4.5.5.1__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Api.Net.dll 47C: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll 488: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll 48C: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll 4B8: File (RWD) C:\ProgramData\Intuit\Common\Update Service\v4\Logs 4D8: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.Client.DataAccess\v4.0_4.5.5.1__3ff6b78e2989595a\Intuit.Spc.Esd.Client.DataAccess.dll 4DC: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.Client.BusinessLogic\v4.0_4.5.5.1__3ff6b78e2989595a\Intuit.Spc.Esd.Client.BusinessLogic.dll 4F4: File (R-D) C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\System.Data.SqlServerCe.dll 544: Section \BaseNamedObjects\UrlZonesSM_DESKTOP-H6803IC$ 568: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll 56C: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll 570: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 5A0: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\v4.0_6.5.1.0__30bbd97113d631f1\Intuit.Spc.Map.Reporter.dll 5AC: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 600: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 694: Section \BaseNamedObjects\__ComCatalogCache__ 7C8: File (RW-) C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9619_none_508d9c7abcbd32b6 7CC: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 7D0: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 7F0: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll 920: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 930: File (RWD) C:\ProgramData\Intuit\Common\Update Service\v4\Logs 934: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll 958: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Map.WindowsFirewallUtilities\v4.0_6.5.1.0__30bbd97113d631f1\Intuit.Spc.Map.WindowsFirewallUtilities.dll 98C: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll A00: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll A0C: Section \BaseNamedObjects\__ComCatalogCache__ A10: File (R--) C:\Windows\Registration\R000000000001.clb A20: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll A24: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll A40: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ------------------------------------------------------------------------------ jhi_service.exe pid: 2216 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows 84: File (RW-) C:\Windows\SysWOW64 ------------------------------------------------------------------------------ LMS.exe pid: 10824 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows 84: File (RW-) C:\Windows\SysWOW64 37C: File (RW-) C:\Windows\SysWOW64\Gms.log 39C: Section \BaseNamedObjects\__ComCatalogCache__ 41C: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui ------------------------------------------------------------------------------ SgrmBroker.exe pid: 5008 \ 3C: File (RW-) C:\Windows ------------------------------------------------------------------------------ svchost.exe pid: 6976 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1EC: Section \BaseNamedObjects\__ComCatalogCache__ 1F8: Section \BaseNamedObjects\__ComCatalogCache__ 348: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 49C: Section \BaseNamedObjects\windows_shell_global_counters 4D4: File (R-D) C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.b7c49d37-9ef5-4398-b5d8-575db112226f.4.etl 50C: File (R--) C:\Windows\Registration\R000000000001.clb 630: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 8948 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 308: Section \BaseNamedObjects\windows_shell_global_counters 388: File (R--) C:\Windows\Registration\R000000000001.clb 3B4: Section \BaseNamedObjects\__ComCatalogCache__ 3BC: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ svchost.exe pid: 7420 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 260: Section \BaseNamedObjects\__ComCatalogCache__ 2AC: Section \BaseNamedObjects\__ComCatalogCache__ 2C8: Section \BaseNamedObjects\windows_shell_global_counters 2D8: File (R-D) C:\Windows\System32\en-US\netmsg.dll.mui 2F4: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 3E0: File (R-D) C:\Windows\System32\en-US\Windows.Web.dll.mui 480: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 570: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 658: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 758: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 13028 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1D8: Section \BaseNamedObjects\__ComCatalogCache__ 1FC: Section \BaseNamedObjects\__ComCatalogCache__ 364: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 1712 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 1BC: File (R-D) C:\Windows\System32\en-US\wbiosrvc.dll.mui 1E4: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 244: File (R-D) C:\Windows\System32\en-US\newdev.dll.mui 280: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 310: Section \BaseNamedObjects\__ComCatalogCache__ 314: File (R--) C:\Windows\Registration\R000000000001.clb 340: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 344: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 348: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 34C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 360: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 3D4: File (RW-) C:\Windows\System32\WinBioDatabase\51F39552-1075-4199-B513-0C10EA185DB0.DAT ------------------------------------------------------------------------------ svchost.exe pid: 13696 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 220: Section \BaseNamedObjects\__ComCatalogCache__ 22C: Section \BaseNamedObjects\__ComCatalogCache__ 230: File (R--) C:\Windows\Registration\R000000000001.clb 28C: Section \BaseNamedObjects\windows_shell_global_counters 37C: Section \BaseNamedObjects\windows_shell_global_counters 3B0: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 3B4: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 3B8: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 3BC: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 3C4: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 3E8: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro ------------------------------------------------------------------------------ isa.exe pid: 14240 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows 84: File (RW-) C:\Windows\SysWOW64 1C8: Section \BaseNamedObjects\Cor_Private_IPCBlock_v4_14240 1CC: Section \...\Cor_SxSPublic_IPCBlock 2EC: File (R--) C:\Windows\assembly\pubpol180.dat 3C4: Section \BaseNamedObjects\windows_shell_global_counters 3D4: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll 4C4: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 54C: Section \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 ------------------------------------------------------------------------------ svchost.exe pid: 14504 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 214: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 260: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ svchost.exe pid: 568 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1FC: Section \BaseNamedObjects\__ComCatalogCache__ 24C: Section \BaseNamedObjects\__ComCatalogCache__ 250: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 2236 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 254: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 13516 \ 48: File (RW-) C:\Windows\System32 128: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 278: Section \BaseNamedObjects\__ComCatalogCache__ 294: File (R-D) C:\Windows\System32\en-US\dosvc.dll.mui 29C: Section \BaseNamedObjects\__ComCatalogCache__ 43C: File (R-D) C:\Windows\System32\en-US\Windows.Web.dll.mui 494: File (R--) C:\Windows\Registration\R000000000001.clb 4AC: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 51C: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 590: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 59C: File (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui 64C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 3432 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1D8: Section \BaseNamedObjects\__ComCatalogCache__ 20C: Section \BaseNamedObjects\__ComCatalogCache__ 21C: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 14244 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 144: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 200: Section \BaseNamedObjects\windows_shell_global_counters 244: Section \BaseNamedObjects\GDA: ESENT Performance Data Schema Version 293 24C: Section \BaseNamedObjects\IDA1: ESENT Performance Data Schema Version 293 25C: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 280: File (---) C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log 2A4: File (---) C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm 2A8: File (---) C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat 2D0: Section \BaseNamedObjects\__ComCatalogCache__ 2DC: Section \BaseNamedObjects\__ComCatalogCache__ 2E0: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ WmiPrvSE.exe pid: 968 NT AUTHORITY\NETWORK SERVICE 160: File (R-D) C:\Windows\System32\en-US\user32.dll.mui 19C: Section \BaseNamedObjects\Wmi Provider Sub System Counters 1D0: Section \BaseNamedObjects\__ComCatalogCache__ 1DC: Section \BaseNamedObjects\__ComCatalogCache__ 1F0: File (R-D) C:\Windows\System32\wbem\en-US\cimwin32.dll.mui E4C: Section \BaseNamedObjects\windows_shell_global_counters 1054: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 10D0: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 10EC: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 10F4: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1100: File (R--) C:\Windows\System32\spool\V4Dirs\5E9570B2-A5A4-4EC7-B646-FC6DDB4C9575\d41f72f0.BUD 1110: File (R--) C:\Windows\System32\spool\drivers\x64\3\HPOJ8710_fax_print.BUD 1130: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 1168: File (RW-) C:\Windows\Temp\FXSTIFFDebugLogFile.txt 116C: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 11AC: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 11CC: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 1200: File (R-D) C:\Windows\System32\en-US\jscript.dll.mui 1204: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 1208: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1210: File (R-D) C:\Windows\System32\stdole2.tlb 1218: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1258: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1284: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 12A0: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 12D4: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 12E0: File (R-D) C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_e4ff50d4d5f8b2aa\Amd64\PrintConfig.dll 12E4: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 12EC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 1308: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1310: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 1314: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1318: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1328: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 132C: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 1334: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 1340: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1344: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 134C: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1354: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 135C: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1364: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 136C: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1374: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 137C: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1384: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 1388: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1390: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 1398: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 13A0: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 13A8: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 13B0: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 13B8: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 13C0: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 13C8: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 13D0: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 13D8: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 13E0: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 13E8: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 13F0: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]ExtMonitorMappedFile 13F8: Section \BaseNamedObjects\HPOJ8710_FaxPCSendRenderPlugin[968]RegValuesMappedFile 1404: File (RW-) C:\Windows\Temp\FXSAPIDebugLogFile.txt 1408: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 1428: File (RW-) C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_ce3301b66255a0fb\Amd64 1678: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ csrss.exe pid: 17056 \ 40: File (RW-) C:\Windows\System32 84: Section \Sessions\7\Windows\SharedSection 254: File (R-D) C:\Windows\System32\en-US\winsrv.dll.mui ------------------------------------------------------------------------------ winlogon.exe pid: 17160 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 22C: Section \Sessions\7\Windows\ThemeSection 23C: Section \Sessions\7\Windows\Theme3425282097 244: Section \Windows\Theme549371317 390: File (R-D) C:\Windows\System32\en-US\winlogon.exe.mui 410: File (R-D) C:\Windows\System32\en-US\user32.dll.mui ------------------------------------------------------------------------------ dwm.exe pid: 2016 Window Manager\DWM-7 40: File (RW-) C:\Windows\System32 CC: File (R-D) C:\Windows\System32\en-US\dwm.exe.mui 50C: Section \BaseNamedObjects\__ComCatalogCache__ 51C: Section \Windows\Theme549371317 544: Section \BaseNamedObjects\__ComCatalogCache__ 73C: File (R--) C:\Windows\Registration\R000000000001.clb 860: File (R--) C:\ProgramData\Intel\ShaderCache\dwm_1 8D4: File (R-D) C:\Windows\System32\en-US\d2d1.dll.mui 9F4: Section \Sessions\7\Windows\Theme3425282097 AB0: File (R-D) C:\Windows\Fonts\StaticCache.dat ------------------------------------------------------------------------------ fontdrvhost.exe pid: 2524 Font Driver Host\UMFD-7 40: File (RW-) C:\Windows\System32 ------------------------------------------------------------------------------ RAVBg64.exe pid: 12580 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows\System32 70: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 78: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 380: Section \BaseNamedObjects\__ComCatalogCache__ 38C: Section \BaseNamedObjects\__ComCatalogCache__ 4A4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ McUICnt.exe pid: 8372 DESKTOP-H6803IC\NC&CC ------------------------------------------------------------------------------ sihost.exe pid: 16672 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 184: Section \BaseNamedObjects\__ComCatalogCache__ 1AC: Section \BaseNamedObjects\__ComCatalogCache__ 5D0: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui E4C: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 16816 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 140: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 26C: Section \BaseNamedObjects\__ComCatalogCache__ 2A4: Section \BaseNamedObjects\__ComCatalogCache__ 3AC: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 3B8: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 420: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 4C8: File (RW-) C:\Users\ncosa\AppData\Local\ConnectedDevicesPlatform\26675ac542dc0ad9\ActivitiesCache.db 4CC: File (RW-) C:\Users\ncosa\AppData\Local\ConnectedDevicesPlatform\26675ac542dc0ad9\ActivitiesCache.db-shm 4D0: File (RW-) C:\Users\ncosa\AppData\Local\ConnectedDevicesPlatform\26675ac542dc0ad9\ActivitiesCache.db-wal 544: File (R--) C:\Windows\Registration\R000000000001.clb 668: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 6A8: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 13812 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 130: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1F4: Section \BaseNamedObjects\__ComCatalogCache__ 200: Section \BaseNamedObjects\__ComCatalogCache__ 320: File (RW-) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db 324: File (RW-) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-wal 328: File (RW-) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-shm 334: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 384: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 464: File (R-D) C:\Windows\System32\en-US\netmsg.dll.mui 63C: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 67C: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro 770: File (R-D) C:\Windows\System32\en-US\QuietHours.dll.mui 8D4: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 938: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui A78: File (R-D) C:\Windows\System32\en-US\NotificationController.dll.mui B1C: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000003af.db B40: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ igfxEM.exe pid: 9720 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 234: Section \BaseNamedObjects\__ComCatalogCache__ 238: File (R-D) C:\Windows\System32\en-US\user32.dll.mui 250: Section \Sessions\7\Windows\Theme3425282097 254: Section \Windows\Theme549371317 294: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 2FC: Section \BaseNamedObjects\__ComCatalogCache__ 310: File (R--) C:\Windows\Registration\R000000000001.clb 37C: Section \BaseNamedObjects\windows_shell_global_counters 3D8: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 404: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 408: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 410: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 414: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 474: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 588: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 5A4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 5AC: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 ------------------------------------------------------------------------------ taskhostw.exe pid: 1016 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 10C: File (R-D) C:\Windows\System32\en-US\taskhostw.exe.mui 17C: Section \Windows\Theme549371317 180: Section \Sessions\7\Windows\Theme3425282097 1A4: Section \BaseNamedObjects\__ComCatalogCache__ 1B4: Section \BaseNamedObjects\__ComCatalogCache__ 1BC: File (R--) C:\Windows\Registration\R000000000001.clb 1DC: File (R-D) C:\Windows\System32\en-US\MsCtfMonitor.dll.mui 2A0: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 308: File (R-D) C:\Windows\System32\en-US\winmm.dll.mui 324: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 350: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 5E8: File (R-D) C:\Windows\System32\en-US\MMDevAPI.dll.mui 664: File (---) C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCache\V01.log 684: File (R-D) C:\Windows\System32\en-US\wdmaud.drv.mui 780: File (---) C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log 7A0: File (---) C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm 834: File (---) C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCacheLock.dat A08: File (---) C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat ------------------------------------------------------------------------------ ctfmon.exe pid: 14368 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 108: File (R-D) C:\Windows\System32\en-US\ctfmon.exe.mui 1B4: Section \BaseNamedObjects\__ComCatalogCache__ 2A8: Section \Windows\Theme549371317 2AC: Section \Sessions\7\Windows\Theme3425282097 378: Section \Sessions\7\BaseNamedObjects\AsyncKeyStateTrackerSharedMemory 3FC: Section \BaseNamedObjects\__ComCatalogCache__ 4F4: Section \Sessions\7\BaseNamedObjects\ImeSipSharedMapping 56C: Section \Sessions\7\BaseNamedObjects\CTF.AsmListCache.FMPDefault7 590: File (R--) C:\Windows\System32\en-US\datamap.0409.dat 684: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ mbamtray.exe pid: 6972 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows 84: File (RW-) C:\Program Files\Malwarebytes\Anti-Malware F0: Section \Windows\Theme549371317 2BC: Section \Sessions\7\Windows\Theme3425282097 2D8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 2DC: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 314: Section \Sessions\7\BaseNamedObjects\qipc_sharedmemory_eeaafcafdcdffcedbfaf22673a706241a6af7c3851d07ae61606b4a8f76e 374: Section \BaseNamedObjects\__ComCatalogCache__ 384: Section \BaseNamedObjects\__ComCatalogCache__ 388: File (R--) C:\Windows\Registration\R000000000001.clb 470: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 484: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 6B8: Section \BaseNamedObjects\windows_shell_global_counters 6C8: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui 734: Section \Sessions\7\BaseNamedObjects\1b3cHWNDInterface:20322 738: Section \Sessions\7\BaseNamedObjects\1b3cHWNDInterface:20322 ------------------------------------------------------------------------------ svchost.exe pid: 16748 NT AUTHORITY\LOCAL SERVICE 48: File (RW-) C:\Windows\System32 138: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ explorer.exe pid: 6712 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 11C: File (R-D) C:\Windows\en-US\explorer.exe.mui 2BC: Section \Sessions\7\BaseNamedObjects\SessionImmersiveColorPreference 2C4: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 2D0: Section \BaseNamedObjects\__ComCatalogCache__ 2DC: Section \BaseNamedObjects\__ComCatalogCache__ 2E8: Section \BaseNamedObjects\windows_shell_global_counters 320: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 3D4: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu 3DC: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu 3EC: File (RWD) C:\Users\ncosa\OneDrive\Pictures 40C: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro 414: File (R-D) C:\Windows\SystemResources\imageres.dll.mun 434: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui 50C: File (R-D) C:\Windows\System32\en-US\mpr.dll.mui 524: File (R--) C:\Windows\Registration\R000000000001.clb 528: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10186 530: File (RWD) C:\Users\ncosa\OneDrive\Pictures 598: File (R-D) C:\Windows\System32\en-US\oleaccrc.dll.mui 59C: Section \Windows\Theme549371317 5A0: Section \Sessions\7\Windows\Theme3425282097 5AC: File (R-D) C:\Windows\Fonts\StaticCache.dat 5E4: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1011c 60C: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1011c 620: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 650: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1012c 654: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1012c 658: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10126 65C: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10126 724: Section \Sessions\7\BaseNamedObjects\SessionImmersiveColorPreference 744: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 748: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 74C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 754: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 7A0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalCache 7B0: File (RWD) C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.31001.0_x64__8wekyb3d8bbwe 7D4: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10124 81C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 830: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10124 83C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 85C: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 860: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 8A0: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:504e4 918: File (---) \FileSystem\Filters\FltMgrMsg 95C: File (RWD) C:\Windows\bcastdvr 9CC: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\GameDVR 9DC: File (RWD) C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.31001.0_x64__8wekyb3d8bbwe B28: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1018e B3C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 BE0: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs BF8: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10182 C08: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10182 C10: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10184 C18: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1018c C20: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu\Programs C50: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10184 C54: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\RoamingState C5C: File (R-D) C:\Windows\System32\en-US\twinui.pcshell.dll.mui C74: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10186 C8C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\RoamingState C98: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10190 CAC: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1018e CB4: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10190 D44: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Burn DF0: File (RWD) C:\Users\ncosa\OneDrive\Documents\Our Photos\2018 10 - 2019 01 DF4: File (R--) C:\Users\ncosa\AppData\Local\Microsoft\GameDVR\KnownGameList.bin E1C: File (RWD) C:\Users\ncosa\OneDrive\Documents\Our Photos E20: File (RWD) C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.31001.0_x64__8wekyb3d8bbwe E28: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10192 E2C: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10192 E50: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1018c E80: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10188 E84: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1018a E88: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:10188 E8C: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1018a EBC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\RoamingState 1058: File (R--) C:\ProgramData\Intel\ShaderCache\Explorer_1 106C: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Libraries 10C8: File (R-D) C:\Windows\System32\en-US\dsreg.dll.mui 10DC: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:2013e 1118: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned 1174: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:2013e 1198: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:504e4 11C8: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 11F0: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 1204: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 127C: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:504e4 12A8: File (RWD) C:\Users\Public\Desktop 12B0: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 12C8: File (R-D) C:\Windows\SystemResources\ExplorerFrame.dll.mun 1354: File (RWD) C:\Users\ncosa\Desktop 1390: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 13B0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RoamingState 13E8: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 1458: Section \Sessions\7\BaseNamedObjects\UrlZonesSM_NC&CC 145C: File (R-D) C:\Windows\System32\en-US\netmsg.dll.mui 147C: File (R-D) C:\Windows\SystemResources\shell32.dll.mun 1494: File (RWD) C:\Users\ncosa\OneDrive\Pictures 14BC: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Internet Explorer\TabRoaming 14DC: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts 14E8: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.winmd 14EC: File (R-D) C:\Windows\System32\en-US\explorerframe.dll.mui 1534: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Network Shortcuts 1578: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\RoamingState 15C0: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui 15F8: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Burn 1634: File (RWD) C:\Users\ncosa\AppData\Local\Packages\AdobeSystemsIncorporated.AdobeReader_ynb6jyjzte8ga\RoamingState 167C: File (RWD) C:\Users\ncosa\OneDrive\Documents\Our Photos\2018 10 - 2019 01 16AC: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned 16CC: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 1768: File (R-D) C:\Windows\System32\en-US\ApplicationFrame.dll.mui 1774: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:20170 1778: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:20170 177C: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:20170 1784: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 17F8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 17FC: File (R-D) C:\Windows\System32\en-US\InputSwitch.dll.mui 1804: File (R-D) C:\Windows\SystemResources\stobject.dll.mun 1838: File (R-D) C:\Windows\System32\en-US\stobject.dll.mui 183C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 184C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{41EA03C8-52A0-4F19-AB0A-A535848FC398}.2.ver0x0000000000000011.db 1878: File (R-D) C:\Windows\SystemResources\SndVolSSO.dll.mun 18A4: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 1934: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 1938: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 19E4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{214D0F48-B8D5-4C5A-80D1-7F2946E2591F}.2.ver0x0000000000000002.db 1A04: File (R-D) C:\Windows\System32\en-US\sndvolsso.dll.mui 1A10: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 1A38: File (R-D) C:\Windows\System32\en-US\wscui.cpl.mui 1A48: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{2DCF3D9C-2B9C-4E66-A332-61CE0EA6BFE4}.2.ver0x0000000000000002.db 1A78: File (RWD) C:\Users\ncosa\AppData\Local\Packages\9E2F88E3.Twitter_wgeqdkkx372wm\RoamingState 1A80: File (RWD) C:\Users\ncosa\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState 1A88: File (RWD) C:\Users\ncosa\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState 1AA4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\AD2F1837.HPConnectedPhotopoweredbySnapfish_v10z8vjag6ke6\RoamingState 1AA8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 1AAC: File (RWD) C:\Users\ncosa\OneDrive\Documents\Our Photos\2018 10 - 2019 01 1ABC: File (R-D) C:\Windows\System32\en-US\DeviceSetupManagerApi.dll.mui 1ADC: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 1B00: Section \BaseNamedObjects\RotHintTable 1B54: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Internet Explorer\TabRoaming 1C1C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState 1C4C: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:100d6 1C58: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 1C78: File (RWD) C:\Users\ncosa\OneDrive\Documents\Our Photos 1C98: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{CCE773BB-3B36-43B4-8B73-25F3BAB65AE4}.2.ver0x0000000000000002.db 1C9C: File (RWD) C:\ProgramData\Microsoft\Windows\WER\ReportArchive 1CB8: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:100d6 1CBC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\RoamingState 1CD4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState 1CD8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState 1CF8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState 1CFC: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 1D14: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState 1D44: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu\Programs 1D98: File (RWD) C:\Users\ncosa\OneDrive\Documents\Our Photos 1DA4: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 1E00: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\RoamingState 1E0C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\RoamingState 1E10: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\RoamingState 1E40: File (R-D) C:\Windows\System32\en-US\FXSRESM.dll.mui 1E48: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 1E54: File (RWD) C:\Users\ncosa\Favorites 1E68: File (RWD) C:\Users\ncosa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\RoamingState 1E70: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Vault\UserProfileRoaming 1F40: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState 1F64: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\PicturePassword 1F80: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 1FC4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState 1FCC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\AD2F1837.HPPrinterControl_v10z8vjag6ke6\RoamingState 1FD4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{8BC184F0-7F0A-4E2F-8A13-948E71624034}.2.ver0x0000000000000007.db 2018: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts 206C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState 2094: File (R-D) C:\Windows\System32\en-US\zipfldr.dll.mui 20C0: File (RWD) C:\Users\ncosa\OneDrive\Documents\Our Photos\2018 06 20E0: File (RW-) C:\Users\ncosa\AppData\Local\Temp\FXSAPIDebugLogFile.txt 20E4: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 2194: File (RWD) C:\Users\ncosa\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState 21A8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\RoamingState 21AC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState 21B4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\RoamingState 21C0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\RoamingState 21C4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\RoamingState 21C8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\RoamingState 21D4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\RoamingState 2228: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ConnectivityStore_8wekyb3d8bbwe\RoamingState 2230: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\RoamingState 2238: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\RoamingState 2240: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\RoamingState 2244: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\RoamingState 2250: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\RoamingState 2258: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\RoamingState 2260: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.HEVCVideoExtension_8wekyb3d8bbwe\RoamingState 2268: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\RoamingState 2270: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\RoamingState 2278: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\RoamingState 2280: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\RoamingState 2288: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\RoamingState 2290: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\RoamingState 229C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\RoamingState 22A0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\RoamingState 22A4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\RoamingState 22AC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Office.Sway_8wekyb3d8bbwe\RoamingState 22CC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\RoamingState 22D0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\RoamingState 22D4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\RoamingState 22E8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\RoamingState 22EC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\RoamingState 22F4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\RoamingState 22F8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\RoamingState 2300: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\RoamingState 232C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\RoamingState 2344: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\RoamingState 2364: File (R-D) C:\Windows\System32\en-US\pnidui.dll.mui 2368: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\RoamingState 236C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\RoamingState 2394: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 23D0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\RoamingState 23D4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\RoamingState 23E4: File (R-D) C:\Windows\System32\en-US\bthprops.cpl.mui 23F0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RoamingState 23F4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\RoamingState 23FC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\RoamingState 2408: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState 2410: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState 2418: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState 2420: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState 2428: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState 2430: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState 2434: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState 2438: File (RWD) C:\Users\ncosa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState 2454: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState 2458: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState 2460: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState 2464: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState 246C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\RoamingState 2474: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState 2484: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState 2490: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState 2498: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState 24A0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState 24CC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState 24D0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState 24F0: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 2514: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 257C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 2580: File (R-D) C:\Windows\System32\en-US\imapi2.dll.mui 26AC: File (RWD) C:\Windows\Fonts\segoeui.ttf 2728: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Network Shortcuts 2750: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1034a 2758: Section \Sessions\7\BaseNamedObjects\1a38HWNDInterface:1034a 27E0: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 27EC: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Start Menu 27FC: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\WER\ERC 285C: File (RWD) C:\Users\ncosa\Favorites 28E0: File (RWD) C:\Users\ncosa\OneDrive\Documents\Our Photos\2018 06 2920: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{A2B390DB-591D-45A2-B5E0-C596F673B149}.2.ver0x0000000000000011.db 2928: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 2988: File (R-D) C:\Windows\System32\en-US\ActionCenter.dll.mui 2998: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Start Menu 2A04: File (RWD) C:\Users\ncosa\AppData\Roaming\Microsoft\Windows\Libraries 2A0C: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000003af.db 2A54: File (RWD) C:\Users\ncosa\Desktop 2A64: File (RWD) C:\Users\ncosa\OneDrive\Documents\Our Photos\2018 06 2AC0: Section \Sessions\7\BaseNamedObjects\windows_ie_global_counters 2AD4: File (R-D) C:\Windows\System32\en-US\ieframe.dll.mui 2AFC: File (R-D) C:\Windows\System32\en-US\dui70.dll.mui 2B4C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{0A9A6C4D-61A2-414F-BD29-F4B302EADF18}.2.ver0x0000000000000011.db 2B68: File (RWD) C:\Users\Public\Desktop 2B9C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 2BB0: File (R-D) C:\Windows\System32\en-US\hcproviders.dll.mui 2CE8: File (R-D) C:\Windows\System32\en-US\twext.dll.mui 2E40: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 2EF0: File (R-D) C:\Windows\System32\en-US\ntshrui.dll.mui 2FD0: File (R-D) C:\Windows\System32\en-US\ole32.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 12956 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 130: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 1A8: File (R--) C:\Windows\Registration\R000000000001.clb 1DC: Section \BaseNamedObjects\__ComCatalogCache__ 1FC: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ StartMenuExperienceHost.exe pid: 15248 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy 120: Section \BaseNamedObjects\__ComCatalogCache__ 24C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\ApplicationService:3b901d5967d64b1615a 3A8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\SessionImmersiveColorPreference 470: File (RWD) C:\Windows\Fonts\segoeui.ttf 52C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 530: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 56C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 5DC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 5E0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 64C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\windows_shell_global_counters 694: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 6C0: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 7EC: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro 848: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 904: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 920: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 924: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 954: File (R-D) C:\Windows\System32\en-US\Windows.Globalization.dll.mui 990: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 9B4: File (RWD) C:\Windows\Fonts\segoeuib.ttf 9CC: File (R-D) C:\Windows\System32\en-US\windows.ui.xaml.dll.mui 9DC: File (R--) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin 9E0: File (R--) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin 9F4: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000003af.db C78: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000\3b90HWNDInterface:101d0 ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 16420 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 180: Section \BaseNamedObjects\__ComCatalogCache__ 264: Section \BaseNamedObjects\__ComCatalogCache__ 278: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 294: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 2A8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 414: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 418: File (R-D) C:\Windows\System32\en-US\ShutdownUX.dll.mui 4A4: File (R--) C:\Windows\Registration\R000000000001.clb 4D4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 4DC: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 564: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 56C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 578: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 638: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 6B0: Section \BaseNamedObjects\windows_shell_global_counters 6BC: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 708: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 714: Section \Sessions\7\BaseNamedObjects\UrlZonesSM_NC&CC ------------------------------------------------------------------------------ SearchUI.exe pid: 16576 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy 1E0: Section \BaseNamedObjects\__ComCatalogCache__ 348: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\ApplicationService:40c01d5967d67b81791 410: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 420: File (RWD) C:\Windows\Fonts\simsun.ttc 444: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\SessionImmersiveColorPreference 51C: File (RWD) C:\Windows\Fonts\segoeui.ttf 5B8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a 5BC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a 604: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a 710: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\windows_shell_global_counters 73C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a 744: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a 7C4: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 7CC: File (R-D) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\CortanaTrace1.etl 7E8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 7EC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 7F8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 7FC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 81C: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 838: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro 848: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\windows_webcache_counters_{00000000-5d8e-4eed-b3fa-e30684411323} 914: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\UrlZonesSM_NC&CC 9E4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a A2C: File (R-D) C:\Windows\SystemResources\edgehtml.dll.mun A40: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro A50: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a A58: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a A68: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a AB4: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 B50: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a C74: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe CC0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent CC4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe CD8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui CF0: File (R-D) C:\Windows\System32\en-US\edgehtml.dll.mui CF4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:10216 D08: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe D10: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail D24: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App DEC: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui E14: File (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui E6C: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000003af.db ED0: File (R-D) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Internal.Search.winmd ED8: File (R-D) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Search.winmd EE0: File (R-D) C:\Windows\System32\WinMetadata\Windows.Foundation.winmd EE8: File (R-D) C:\Windows\System32\WinMetadata\Windows.Security.winmd EF0: File (R-D) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Tips.winmd EF8: File (R-D) C:\Windows\System32\WinMetadata\Windows.Storage.winmd F08: File (R-D) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.SPA.winmd F10: File (R-D) C:\Windows\System32\WinMetadata\Windows.System.winmd F5C: Section \Windows\Theme549371317 F60: Section \Sessions\7\Windows\Theme3425282097 F8C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 10B4: File (R-D) C:\Windows\System32\WinMetadata\Windows.Web.winmd 10BC: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.winmd 10F4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1108: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\MSIMGSIZECacheMapACLow 1120: File (R-D) C:\Windows\SystemResources\Chakra.dll.mun 1134: File (R-D) C:\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd 113C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 114C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1170: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 11A8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 11AC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 11B4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 11BC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 11F4: File (RWD) C:\Windows\Fonts\seguisb.ttf 1204: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 1224: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1234: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1238: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1294: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 12B4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 12D0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCamera_8wekyb3d8bbwe!App 1308: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1310: File (R-D) C:\Windows\System32\en-US\d2d1.dll.mui 13AC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 13B8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 13C8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 13CC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 13E0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 13E4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 13F4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 140C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 14B4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\40c0HWNDInterface:2020a 14C4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 14C8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 14CC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*{8BC184F0-7F0A-4E2F-8A13-948E71624034}.2.ver0x0000000000000007.db 14D0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 14D4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*{0A9A6C4D-61A2-414F-BD29-F4B302EADF18}.2.ver0x0000000000000011.db 14D8: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 14DC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*{A2B390DB-591D-45A2-B5E0-C596F673B149}.2.ver0x0000000000000011.db 14EC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 14F0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 14F4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 14F8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*{41EA03C8-52A0-4F19-AB0A-A535848FC398}.2.ver0x0000000000000011.db 14FC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 1504: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 150C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*{2DCF3D9C-2B9C-4E66-A332-61CE0EA6BFE4}.2.ver0x0000000000000002.db 1510: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*{214D0F48-B8D5-4C5A-80D1-7F2946E2591F}.2.ver0x0000000000000002.db 1518: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\C:*ProgramData*Microsoft*Windows*Caches*{CCE773BB-3B36-43B4-8B73-25F3BAB65AE4}.2.ver0x0000000000000002.db 1524: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1530: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 153C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 155C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 15AC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 15B8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App 15C8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1640: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1660: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 16A0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 16A4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 16B8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 16BC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 16C8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 16E0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 16F0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1700: File (R-D) C:\Windows\System32\en-US\StartTileData.dll.mui 1758: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCamera_8wekyb3d8bbwe!App 175C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1768: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1784: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 178C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1790: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1794: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 179C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 17A0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 17C8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1828: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1860: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App 1864: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App 1870: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1874: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 18A0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 18A4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 18D8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 18EC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 18F4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1904: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1924: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1938: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1944: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 194C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1950: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1964: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1968: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1974: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1978: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 19B8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCamera_8wekyb3d8bbwe!App 19BC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCamera_8wekyb3d8bbwe!App 19C8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 19CC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 19D8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 19E8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1A08: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1A0C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1A54: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1A64: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCamera_8wekyb3d8bbwe!App 1A74: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1A80: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1A90: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 1A94: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 1AD8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCamera_8wekyb3d8bbwe!App 1ADC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1AE8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1AEC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1AF8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1B14: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1B5C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1B60: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1B68: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1B6C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1B88: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1B94: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1BA4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1BC0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1BC8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1BCC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1BD8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1BFC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1C18: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1C24: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1C38: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1C3C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1C50: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1C54: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1CD8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1CF4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1CF8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1D38: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1D40: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1D50: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1D58: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1D88: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1DC4: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe 1E60: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App 1E9C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1ED8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App 1EE8: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1EEC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_CCleaner_CCleaner64_exe 1F08: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1F0C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1F18: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1F1C: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge 1F30: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1F34: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent 1F58: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe 1FCC: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail 1FD0: File (RWD) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 16428 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 180: Section \BaseNamedObjects\__ComCatalogCache__ 1E8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 1F0: Section \BaseNamedObjects\__ComCatalogCache__ 1F4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 224: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 384: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 3D8: Section \BaseNamedObjects\windows_shell_global_counters 3FC: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 44C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 458: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 478: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 4A8: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 64C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 728: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000003af.db 73C: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro 740: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000003af.db 748: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro 8CC: Section \Sessions\7\BaseNamedObjects\UrlZonesSM_NC&CC 924: Section \Windows\Theme549371317 988: Section \Sessions\7\Windows\Theme3425282097 B34: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro B54: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro B74: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000003af.db BA8: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro BB4: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000003af.db BC4: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui BD4: File (R-D) C:\Windows\System32\en-US\StartTileData.dll.mui BDC: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro BE4: File (R-D) C:\Windows\System32\en-US\AppResolver.dll.mui C44: File (R--) C:\Windows\Registration\R000000000001.clb C74: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 C78: File (R-D) C:\Windows\SystemResources\imageres.dll.mun E8C: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro EB4: Section \Sessions\7\BaseNamedObjects\C:*Users*ncosa*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000003af.db ------------------------------------------------------------------------------ ApplicationFrameHost.exe pid: 14308 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 14C: Section \BaseNamedObjects\__ComCatalogCache__ 158: Section \BaseNamedObjects\__ComCatalogCache__ 20C: Section \Windows\Theme549371317 210: Section \Sessions\7\Windows\Theme3425282097 260: File (R--) C:\Windows\Registration\R000000000001.clb 31C: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:50602 374: Section \Sessions\7\BaseNamedObjects\SessionImmersiveColorPreference 3B8: File (R-D) C:\Windows\System32\en-US\ApplicationFrame.dll.mui 494: File (R-D) C:\Windows\Fonts\StaticCache.dat 578: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:2045e 57C: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:2045e 5BC: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:50586 610: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:1301d6 62C: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:50602 640: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:2045e 794: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:1301d6 798: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:50586 7E4: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:50586 820: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 868: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:50602 894: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 8A8: File (R-D) C:\Windows\System32\WinMetadata\Windows.Foundation.winmd 8B0: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.winmd A04: Section \Sessions\7\BaseNamedObjects\37e4HWNDInterface:1301d6 ------------------------------------------------------------------------------ SettingSyncHost.exe pid: 15268 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 1A0: Section \BaseNamedObjects\__ComCatalogCache__ 234: Section \BaseNamedObjects\__ComCatalogCache__ 238: Section \Sessions\7\Windows\Theme3425282097 2F0: Section \Windows\Theme549371317 33C: File (R-D) C:\Windows\System32\en-US\SettingSyncCore.dll.mui 350: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 3F0: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 4F0: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 594: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 634: Section \Sessions\7\BaseNamedObjects\windows_ie_global_counters 654: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 680: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 688: File (R-D) C:\Windows\System32\en-US\netmsg.dll.mui 6B8: Section \Sessions\7\BaseNamedObjects\UrlZonesSM_NC&CC 6E8: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 7DC: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 878: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 958: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 99C: Section \BaseNamedObjects\windows_shell_global_counters A3C: Section \Sessions\7\BaseNamedObjects\windows_ie_global_counters B5C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro B70: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro B74: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db B78: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui B7C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db BA8: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 CA4: File (R--) C:\Windows\Registration\R000000000001.clb DD4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro ------------------------------------------------------------------------------ LockApp.exe pid: 15500 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy 124: Section \BaseNamedObjects\__ComCatalogCache__ 248: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\ApplicationService:3c8c1d5967d70b14bf7 350: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\SessionImmersiveColorPreference 488: File (RWD) C:\Windows\Fonts\segoeui.ttf 538: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 53C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 580: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 600: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 604: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 608: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 718: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 71C: File (RWD) C:\Windows\Fonts\segoeuil.ttf 73C: File (RWD) C:\Windows\Fonts\segoeuisl.ttf 774: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 77C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 7B0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312\3c8cHWNDInterface:d019a 7F8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 12696 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 178: Section \BaseNamedObjects\__ComCatalogCache__ 298: Section \BaseNamedObjects\__ComCatalogCache__ 2DC: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 340: Section \Windows\Theme549371317 348: Section \Sessions\7\Windows\Theme3425282097 568: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 56C: Section \BaseNamedObjects\windows_shell_global_counters 580: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 584: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 588: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 610: File (R-D) C:\Windows\System32\en-US\combase.dll.mui 62C: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 644: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 6B0: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 6C0: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 704: File (R-D) C:\Windows\System32\en-US\AuthExt.dll.mui 714: File (R-D) C:\Windows\SystemResources\imageres.dll.mun 768: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 824: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ smartscreen.exe pid: 5048 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 14C: File (R-D) C:\Windows\System32\en-US\smartscreen.exe.mui 1CC: Section \BaseNamedObjects\__ComCatalogCache__ 284: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 300: File (R-D) C:\Windows\System32\WinMetadata\Windows.Foundation.winmd 334: Section \BaseNamedObjects\__ComCatalogCache__ 344: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 3B4: File (R-D) C:\Windows\System32\en-US\Windows.Web.Http.dll.mui 3B8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 470: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 51C: Section \Sessions\7\BaseNamedObjects\UrlZonesSM_NC&CC 544: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 5F0: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 670: Section \Sessions\7\BaseNamedObjects\C:|Users|ncosa|AppData|Local|Microsoft|Windows|Safety|edge|local|local|cache 674: File (RW-) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Safety\edge\local\local\cache 6A4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ SecurityHealthSystray.exe pid: 17060 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 154: Section \BaseNamedObjects\__ComCatalogCache__ 160: Section \BaseNamedObjects\__ComCatalogCache__ 164: File (R--) C:\Windows\Registration\R000000000001.clb 188: File (R-D) C:\Windows\System32\en-US\securityhealthsso.dll.mui 20C: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters ------------------------------------------------------------------------------ RtkNGUI64.exe pid: 10828 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 70: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 78: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 398: Section \BaseNamedObjects\__ComCatalogCache__ 3E4: Section \BaseNamedObjects\__ComCatalogCache__ 4FC: File (R--) C:\Windows\Registration\R000000000001.clb 654: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters ------------------------------------------------------------------------------ EvernoteClipper.exe pid: 1008 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows 84: File (RW-) C:\Windows\SysWOW64 B0: File (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_2e74e93c278899ad D8: File (RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_5f5fdc21821b137b 218: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 21C: File (RW-) C:\Users\ncosa\Evernote\Logs\enclipper_2019-11-08.txt 23C: Section \Windows\Theme549371317 248: Section \Sessions\7\Windows\Theme3425282097 ------------------------------------------------------------------------------ jusched.exe pid: 1168 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows 84: File (RW-) C:\Windows\SysWOW64 ------------------------------------------------------------------------------ YourPhone.exe pid: 1820 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19101.469.0_x64__8wekyb3d8bbwe 16C: Section \BaseNamedObjects\__ComCatalogCache__ 260: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1726375552-1729233799-74693324-3851689839-2151781990-3623637752-3611872497\ApplicationService:71c1d5967d80c35144 3E0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1726375552-1729233799-74693324-3851689839-2151781990-3623637752-3611872497\SessionImmersiveColorPreference 454: File (RWD) C:\Windows\Fonts\segoeui.ttf 69C: File (R-D) C:\Windows\System32\en-US\Windows.Web.dll.mui 6A0: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 6D0: File (R-D) C:\Windows\System32\WinMetadata\Windows.System.winmd 72C: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 740: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1726375552-1729233799-74693324-3851689839-2151781990-3623637752-3611872497\windows_webcache_counters_{00000000-5d8e-4eed-b3fa-e30684411323} 7E4: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 7F8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1726375552-1729233799-74693324-3851689839-2151781990-3623637752-3611872497\windows_shell_global_counters 85C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1726375552-1729233799-74693324-3851689839-2151781990-3623637752-3611872497\UrlZonesSM_NC&CC 940: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 968: File (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui 9D4: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui ------------------------------------------------------------------------------ SkypeBackgroundHost.exe pid: 11984 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c 168: Section \BaseNamedObjects\__ComCatalogCache__ 260: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\ApplicationService:2ed01d5967d825c6688 ------------------------------------------------------------------------------ SkypeApp.exe pid: 7000 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c 148: Section \BaseNamedObjects\__ComCatalogCache__ 314: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\ApplicationService:1b581d5967d825c6488 468: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\SessionImmersiveColorPreference 504: File (RWD) C:\Windows\Fonts\segoeui.ttf 54C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\windows_shell_global_counters 554: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 584: File (R-D) C:\Windows\System32\WinMetadata\Windows.System.winmd 664: File (R-D) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalState\DiagOutputDir\SkypeApp0.txt 6B4: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 710: File (R-D) C:\Windows\System32\en-US\twinapi.appcore.dll.mui 71C: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.Xaml.winmd 724: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.winmd 788: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\UrlZonesSM_NC&CC 7BC: File (R-D) C:\Windows\SystemResources\Chakra.dll.mun 7C8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 7D4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 7F4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 7FC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 850: File (R-D) C:\Windows\System32\WinMetadata\Windows.Web.winmd 868: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalState\s4l-live%003ancosand.db 8D4: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 8D8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734\windows_webcache_counters_{00000000-5d8e-4eed-b3fa-e30684411323} 97C: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 B20: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalState\18EFC02DB9031CD0690CCED3DDE7AB9EB8C2E33CA2349324C59BFB02A0C12F72-ScheduledCalls.db B80: File (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui B98: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui C50: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui C84: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui DB0: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalState\slimcore-aria-cache.data-shm DB8: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalState\slimcore-aria-cache.data-wal E68: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalState\slimcore-aria-cache.data ------------------------------------------------------------------------------ ModuleCoreService.exe pid: 15600 DESKTOP-H6803IC\NC&CC ------------------------------------------------------------------------------ conhost.exe pid: 13468 DESKTOP-H6803IC\NC&CC 44: File (RW-) C:\Windows 130: File (R-D) C:\Windows\System32\en-US\Conhost.exe.mui ------------------------------------------------------------------------------ CCleaner64.exe pid: 14248 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 70: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 74: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 2D4: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 4EC: Section \BaseNamedObjects\__ComCatalogCache__ 53C: Section \BaseNamedObjects\__ComCatalogCache__ 564: Section \Windows\Theme549371317 568: Section \Sessions\7\Windows\Theme3425282097 56C: File (R-D) C:\Windows\System32\en-US\user32.dll.mui 574: File (R-D) C:\Windows\Fonts\StaticCache.dat 5B4: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 6C4: Section \BaseNamedObjects\windows_shell_global_counters 740: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 7A8: File (RWD) C:\Windows\Fonts\times.ttf 7CC: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 7E0: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 84C: Section \Sessions\7\BaseNamedObjects\UrlZonesSM_NC&CC 890: Section \Sessions\7\BaseNamedObjects\IEHistJournalFm_24c20119-753b-4f33-887d-f2381810562d_4A69FBD9_C::USERS:NCOSA:APPDATA:LOCAL:MICROSOFT:WINDOWS:INETCACHE:LOW:SUGGESTEDSITES.DAT 984: File (R-D) C:\Windows\System32\en-US\ieframe.dll.mui 998: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 9E4: Section \Sessions\7\BaseNamedObjects\37a8HWNDInterface:103d2 9E8: Section \Sessions\7\BaseNamedObjects\37a8HWNDInterface:103d2 9EC: Section \Sessions\7\BaseNamedObjects\windows_ie_global_counters 9F8: File (R-D) C:\Windows\System32\ieframe.dll A68: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui B30: File (R-D) C:\Windows\System32\en-US\urlmon.dll.mui B38: File (R-D) C:\Windows\System32\en-US\mshtml.dll.mui BDC: Section \Sessions\7\BaseNamedObjects\37a8HWNDInterface:203de BE0: Section \Sessions\7\BaseNamedObjects\37a8HWNDInterface:203de C3C: File (RWD) C:\Windows\Fonts\tahoma.ttf C48: File (RWD) C:\Windows\Fonts\tahomabd.ttf C58: Section \Sessions\7\BaseNamedObjects\MSIMGSIZECacheMap C80: File (R--) C:\Windows\Registration\R000000000001.clb CBC: File (R-D) C:\Windows\SystemResources\mshtml.dll.mun D3C: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui D48: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui D4C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro D50: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db D54: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro D58: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db D5C: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui DE4: File (RW-) C:\Users\ncosa\AppData\Local\Microsoft\Windows\INetCache\Low\SuggestedSites.dat ------------------------------------------------------------------------------ unsecapp.exe pid: 7040 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 198: Section \BaseNamedObjects\__ComCatalogCache__ 1EC: Section \BaseNamedObjects\__ComCatalogCache__ 1F0: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 2060 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 178: Section \BaseNamedObjects\__ComCatalogCache__ 1FC: Section \BaseNamedObjects\__ComCatalogCache__ 214: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 12584 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 188: Section \BaseNamedObjects\__ComCatalogCache__ 250: Section \BaseNamedObjects\__ComCatalogCache__ 288: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 2E8: Section \BaseNamedObjects\windows_shell_global_counters 2EC: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 2F0: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 30C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 310: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 314: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 50C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 55C: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 594: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 14096 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 2D4: Section \BaseNamedObjects\__ComCatalogCache__ 2E4: Section \BaseNamedObjects\__ComCatalogCache__ 348: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 364: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 378: File (---) C:\Users\ncosa\AppData\Local\Comms\UnistoreDB\store.vol 518: File (---) C:\Users\ncosa\AppData\Local\Comms\UnistoreDB\store.jfm 520: File (---) C:\Users\ncosa\AppData\Local\Comms\UnistoreDB\tmp.edb 7E4: File (---) C:\Users\ncosa\AppData\Local\Comms\UnistoreDB\USS.jtx 830: File (R-D) C:\Windows\System32\en-US\UserDataAccessRes.dll.mui 840: File (---) C:\Users\ncosa\AppData\Local\Comms\UnistoreDB\USStmp.jtx A84: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ ShellExperienceHost.exe pid: 2852 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy 154: Section \BaseNamedObjects\__ComCatalogCache__ 250: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\ApplicationService:b241d5967da3b16951 3B4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\SessionImmersiveColorPreference 474: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\windows_shell_global_counters 47C: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 4D8: File (RWD) C:\Windows\Fonts\segoeui.ttf 53C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:30162 540: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:30162 544: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:30162 548: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:30162 54C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:30162 590: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:30162 6B0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:303a2 6B4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:303a2 6BC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:303a2 708: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:303a2 70C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:303a2 710: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:303a2 76C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:303a2 794: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:303a2 798: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:303a2 7A0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:e046a 860: File (R-D) C:\Windows\System32\en-US\d2d1.dll.mui 9CC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:e046a 9D8: File (R-D) C:\Windows\System32\en-US\windows.ui.xaml.dll.mui A6C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:e046a AAC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:e046a ABC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:e046a AC0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:e046a AC4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:e046a AE0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:e046a AE4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\b24HWNDInterface:e046a B4C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui F44: File (R-D) C:\Windows\System32\en-US\QuickActionsDataModel.dll.mui 10A4: File (RWD) C:\Windows\Fonts\seguisb.ttf ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 14480 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 180: Section \BaseNamedObjects\__ComCatalogCache__ 2B8: Section \BaseNamedObjects\__ComCatalogCache__ 364: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 3A8: Section \BaseNamedObjects\windows_shell_global_counters 498: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 4B4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 4B8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 4BC: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 4C0: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 500: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 530: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 6FC: File (R--) C:\Windows\Registration\R000000000001.clb 84C: Section \Windows\Theme549371317 850: Section \Sessions\7\Windows\Theme3425282097 B0C: File (R-D) C:\Windows\System32\en-US\combase.dll.mui B2C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ SkypeBridge.exe pid: 10720 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 194: Section \BaseNamedObjects\Cor_Private_IPCBlock_v4_10720 198: Section \...\Cor_SxSPublic_IPCBlock 298: File (R--) C:\Windows\assembly\pubpol180.dat 354: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 3BC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 438: File (R-D) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.Common.dll 450: Section \BaseNamedObjects\__ComCatalogCache__ 470: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll 474: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll 49C: File (R-D) C:\Windows\System32\WinMetadata\Windows.Storage.winmd 4A8: File (R-D) C:\Windows\System32\WinMetadata\Windows.Foundation.winmd 4F4: File (R--) C:\Windows\Registration\R000000000001.clb 4F8: Section \BaseNamedObjects\__ComCatalogCache__ 514: Section \BaseNamedObjects\windows_shell_global_counters 5DC: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 5E4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 5E8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 5EC: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 5F8: File (R-D) C:\Windows\System32\WinMetadata\Windows.Foundation.winmd 5FC: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll 600: File (R-D) C:\Windows\System32\WinMetadata\Windows.Storage.winmd 604: File (R-D) C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll 63C: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 698: File (R-D) C:\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd 6A0: File (R-D) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeApi.dll 6AC: Section \Sessions\7\Windows\Theme3425282097 6B0: Section \Windows\Theme549371317 6B8: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.449_none_17b2a54a6d9eea75 6BC: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812 6D4: File (R-D) C:\Users\ncosa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalState\DiagOutputDir\SkypeBridge2.txt 6EC: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 86C: File (R-D) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c\SkypeBridge\Newtonsoft.Json.dll 878: File (R-D) C:\Windows\Fonts\StaticCache.dat 88C: File (R-D) C:\Windows\System32\WinMetadata\Windows.System.winmd ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 2644 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 178: Section \BaseNamedObjects\__ComCatalogCache__ 240: Section \BaseNamedObjects\__ComCatalogCache__ 2BC: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 2C0: File (R--) C:\Windows\Registration\R000000000001.clb 3B8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 3BC: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 3C0: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 3C4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 3C8: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 3EC: Section \BaseNamedObjects\windows_shell_global_counters 410: Section \Sessions\7\BaseNamedObjects\SessionImmersiveColorPreference 484: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui 504: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 508: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{8BC184F0-7F0A-4E2F-8A13-948E71624034}.2.ver0x0000000000000007.db 50C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 510: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 514: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{0A9A6C4D-61A2-414F-BD29-F4B302EADF18}.2.ver0x0000000000000011.db 518: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 51C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{A2B390DB-591D-45A2-B5E0-C596F673B149}.2.ver0x0000000000000011.db 520: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 524: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{41EA03C8-52A0-4F19-AB0A-A535848FC398}.2.ver0x0000000000000011.db 528: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 52C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{214D0F48-B8D5-4C5A-80D1-7F2946E2591F}.2.ver0x0000000000000002.db 530: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 534: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{2DCF3D9C-2B9C-4E66-A332-61CE0EA6BFE4}.2.ver0x0000000000000002.db 53C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{CCE773BB-3B36-43B4-8B73-25F3BAB65AE4}.2.ver0x0000000000000002.db 564: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 5B0: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 76C: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui ------------------------------------------------------------------------------ WinStore.App.exe pid: 5588 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe 144: Section \BaseNamedObjects\__ComCatalogCache__ 30C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\ApplicationService:15d41d5967dbf94dab9 458: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\windows_webcache_counters_{00000000-5d8e-4eed-b3fa-e30684411323} 470: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\SessionImmersiveColorPreference 51C: File (RWD) C:\Windows\Fonts\segoeui.ttf 544: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.Xaml.winmd 604: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\15d4HWNDInterface:30472 608: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\15d4HWNDInterface:30472 64C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\15d4HWNDInterface:30472 744: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\15d4HWNDInterface:30472 748: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\15d4HWNDInterface:30472 7D8: File (R-D) C:\Windows\System32\WinMetadata\Windows.Security.winmd 830: File (R-D) C:\Windows\System32\en-US\Windows.Security.Authentication.Web.Core.dll.mui 84C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 8A8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\windows_shell_global_counters 8B0: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 918: File (RWD) C:\Windows\Fonts\seguisb.ttf 97C: File (R-D) C:\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd B68: File (R-D) C:\Windows\System32\en-US\windows.ui.xaml.dll.mui C38: File (R-D) C:\Windows\System32\WinMetadata\Windows.Graphics.winmd C54: File (RWD) C:\Windows\Fonts\seguisym.ttf C64: File (RWD) C:\Windows\Fonts CE4: File (R-D) C:\Windows\System32\en-US\DevDispItemProvider.dll.mui D0C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db D4C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db EF4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\15d4HWNDInterface:30472 F04: File (R-D) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\NoiseAsset_256X256_PNG.png F54: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro F60: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 1038: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\15d4HWNDInterface:30472 105C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\15d4HWNDInterface:30472 1074: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 1120: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 11C4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\UrlZonesSM_NC&CC 12BC: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 12C4: File (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui 1324: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.winmd ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 16480 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 180: Section \BaseNamedObjects\__ComCatalogCache__ 1FC: Section \BaseNamedObjects\__ComCatalogCache__ 288: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 2D4: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 3F0: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 3F4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 3F8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 3FC: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 4D8: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ hpqwmiex.exe pid: 10324 NT AUTHORITY\SYSTEM 40: File (RW-) C:\Windows 84: File (RW-) C:\Windows\SysWOW64 2BC: Section \BaseNamedObjects\__ComCatalogCache__ 2C8: Section \BaseNamedObjects\__ComCatalogCache__ 33C: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ SystemSettings.exe pid: 17244 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\ImmersiveControlPanel 130: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 13C: Section \BaseNamedObjects\__ComCatalogCache__ 198: File (R-D) C:\Windows\ImmersiveControlPanel\en-US\SystemSettings.exe.mui 1C4: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 3F0: Section \BaseNamedObjects\__ComCatalogCache__ 440: Section \Sessions\7\BaseNamedObjects\SessionImmersiveColorPreference 4F4: Section \Sessions\7\BaseNamedObjects\ApplicationService:435c1d5967e89afd37f 4F8: File (R--) C:\ProgramData\Intel\ShaderCache\SystemSettings_1 538: File (RWD) C:\Windows\Fonts\segoeui.ttf 594: Section \Sessions\7\BaseNamedObjects\435cHWNDInterface:20560 598: Section \Sessions\7\BaseNamedObjects\435cHWNDInterface:20560 5D0: Section \Sessions\7\BaseNamedObjects\435cHWNDInterface:20560 5D4: Section \Sessions\7\BaseNamedObjects\435cHWNDInterface:20560 628: Section \Sessions\7\BaseNamedObjects\435cHWNDInterface:20560 634: Section \Sessions\7\BaseNamedObjects\435cHWNDInterface:20560 780: Section \Windows\Theme549371317 784: Section \Sessions\7\Windows\Theme3425282097 9F0: Section \Sessions\7\BaseNamedObjects\435cHWNDInterface:20560 9F4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db A90: Section \Sessions\7\BaseNamedObjects\435cHWNDInterface:20560 A94: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelet A98: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelet AA4: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelet AB4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro B6C: Section \BaseNamedObjects\windows_shell_global_counters B80: File (RWD) C:\Windows\Fonts\segoeuil.ttf BA8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro BC8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db BCC: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelet C34: File (R-D) C:\Windows\System32\en-US\windows.ui.xaml.dll.mui D70: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ Microsoft.Msn.Weather.exe pid: 2344 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe 12C: Section \BaseNamedObjects\__ComCatalogCache__ 2E8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\ApplicationService:9281d5967e8fe64746 44C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\SessionImmersiveColorPreference 4F8: File (RWD) C:\Windows\Fonts\segoeui.ttf 524: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.Xaml.winmd 5B8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\928HWNDInterface:605fa 5BC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\928HWNDInterface:605fa 608: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\928HWNDInterface:605fa 69C: File (R-D) C:\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd 6A4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\928HWNDInterface:605fa 6A8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\928HWNDInterface:605fa 740: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.winmd 834: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\windows_shell_global_counters 83C: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 848: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\928HWNDInterface:605fa 8C0: File (R-D) C:\Windows\System32\WinMetadata\Windows.Web.winmd 9AC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\928HWNDInterface:605fa 9C4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\928HWNDInterface:605fa 9D8: File (R-D) C:\Windows\System32\en-US\windows.ui.xaml.dll.mui A08: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 2020 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 178: Section \BaseNamedObjects\__ComCatalogCache__ 1D4: Section \BaseNamedObjects\__ComCatalogCache__ 1D8: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ Microsoft.Photos.exe pid: 4036 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe 144: Section \BaseNamedObjects\__ComCatalogCache__ 29C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\ApplicationService:fc41d5967f4a0b9538 32C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 464: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\SessionImmersiveColorPreference 4B4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\windows_shell_global_counters 4C4: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 524: File (RWD) C:\Windows\Fonts\segoeui.ttf 570: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 574: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 578: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 5A8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 608: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 6A4: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 700: File (R-D) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl 738: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 73C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 754: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 75C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 78C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 794: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 7AC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 7B8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 7DC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 7E0: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 7F4: File (R-D) C:\Windows\System32\WinMetadata\Windows.Storage.winmd 7F8: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 834: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 87C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 8D0: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 8D8: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 91C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 920: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 924: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 930: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 964: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 974: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal 978: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite 9A8: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 9AC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\windows_webcache_counters_{00000000-5d8e-4eed-b3fa-e30684411323} 9F8: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite A6C: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 B28: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518\UrlZonesSM_NC&CC C60: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui C68: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite C74: File (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui CB0: File (R-D) C:\Windows\System32\WinMetadata\Windows.System.winmd CF0: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal D00: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm D08: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal D1C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite D20: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite D24: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite D28: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal D2C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite D34: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite D60: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite D68: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal D6C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite D70: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal D78: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal D80: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite D8C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal DA8: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite DAC: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal DBC: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite DC0: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal DC8: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal DD4: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal DE8: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite DEC: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal DF0: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite DF4: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite E04: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite E08: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite E0C: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal E10: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal E30: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal F04: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal F10: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite F14: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite F34: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal FF0: File (R-D) C:\Windows\System32\en-US\combase.dll.mui FF4: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui FFC: File (R-D) C:\Windows\System32\WinMetadata\Windows.Foundation.winmd ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 6320 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 178: Section \BaseNamedObjects\__ComCatalogCache__ 1BC: Section \BaseNamedObjects\__ComCatalogCache__ 3D0: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 418: File (R-D) C:\Windows\SystemResources\shell32.dll.mun 434: Section \Windows\Theme549371317 438: Section \BaseNamedObjects\windows_shell_global_counters 44C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 468: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 46C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 470: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 474: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 488: Section \Sessions\7\Windows\Theme3425282097 4AC: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui 4E4: Section \BaseNamedObjects\SearchCrawlScopeVersion 5B4: File (R-D) C:\Windows\System32\en-US\ieframe.dll.mui 600: File (R--) C:\Windows\Registration\R000000000001.clb 6C4: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 700: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 704: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{8BC184F0-7F0A-4E2F-8A13-948E71624034}.2.ver0x0000000000000007.db 708: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 70C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{0A9A6C4D-61A2-414F-BD29-F4B302EADF18}.2.ver0x0000000000000011.db 710: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 714: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{A2B390DB-591D-45A2-B5E0-C596F673B149}.2.ver0x0000000000000011.db 718: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 71C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{41EA03C8-52A0-4F19-AB0A-A535848FC398}.2.ver0x0000000000000011.db 720: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 724: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{214D0F48-B8D5-4C5A-80D1-7F2946E2591F}.2.ver0x0000000000000002.db 728: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 72C: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{2DCF3D9C-2B9C-4E66-A332-61CE0EA6BFE4}.2.ver0x0000000000000002.db 730: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 734: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{CCE773BB-3B36-43B4-8B73-25F3BAB65AE4}.2.ver0x0000000000000002.db 780: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 7D8: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 88C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 894: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelet 8E0: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelet 8E4: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelet 8EC: File (RWD) C:\Users\ncosa\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelet 910: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 940: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro ------------------------------------------------------------------------------ WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe pid: 15672 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy 11C: Section \BaseNamedObjects\__ComCatalogCache__ 2A8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\ApplicationService:3d381d59687a642e301 3AC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\SessionImmersiveColorPreference 4B0: File (RWD) C:\Windows\Fonts\segoeui.ttf 500: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:402b0 504: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:402b0 54C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:402b0 620: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:4023e 644: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:4023e 648: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:4023e 674: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:4023e 70C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:402b0 76C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:4023e 774: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:4023e 778: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:402b0 79C: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.winmd 7C4: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 7E0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:4023e 7F0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009\3d38HWNDInterface:4023e 7FC: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui ------------------------------------------------------------------------------ SystemSettingsBroker.exe pid: 16752 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 14C: Section \BaseNamedObjects\__ComCatalogCache__ 194: Section \BaseNamedObjects\__ComCatalogCache__ 32C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 388: File (R--) C:\Windows\Registration\R000000000001.clb 3BC: File (R-D) C:\Windows\System32\en-US\SettingsHandlers_Display.dll.mui 3E4: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 440: File (R-D) C:\Windows\System32\en-US\QuickActionsDataModel.dll.mui 724: File (R-D) C:\Windows\System32\en-US\SettingsHandlers_Devices.dll.mui ------------------------------------------------------------------------------ svchost.exe pid: 12468 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 130: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 214: Section \BaseNamedObjects\__ComCatalogCache__ 240: Section \BaseNamedObjects\__ComCatalogCache__ 244: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ Launch.exe pid: 16872 DESKTOP-H6803IC\NC&CC ------------------------------------------------------------------------------ delegate.exe pid: 6364 DESKTOP-H6803IC\NC&CC ------------------------------------------------------------------------------ QcShm.exe pid: 6940 DESKTOP-H6803IC\NC&CC ------------------------------------------------------------------------------ dllhost.exe pid: 1616 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 11C: Section \BaseNamedObjects\__ComCatalogCache__ 128: Section \BaseNamedObjects\__ComCatalogCache__ 2A8: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 328: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 32C: File (---) C:\Users\ncosa\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log 340: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm 394: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb 514: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ Video.UI.exe pid: 17084 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe 18C: Section \BaseNamedObjects\__ComCatalogCache__ 260: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741\ApplicationService:42bc1d5968f79d9059f 3E8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741\SessionImmersiveColorPreference 458: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.Xaml.winmd 47C: File (RWD) C:\Windows\Fonts\segoeui.ttf 4F8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741\windows_shell_global_counters 500: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 594: File (R-D) C:\Windows\System32\WinMetadata\Windows.System.winmd 5A4: File (R-D) C:\Windows\System32\en-US\ESENT.dll.mui 624: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\26675ac542dc0ad9\edb.log 628: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\26675ac542dc0ad9\EntClientDb.jfm 648: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\26675ac542dc0ad9\EntClientDb.edb 680: File (---) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\26675ac542dc0ad9\tmp.edb 744: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 7AC: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 7B0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741\windows_webcache_counters_{00000000-5d8e-4eed-b3fa-e30684411323} 868: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 880: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741\UrlZonesSM_NC&CC A20: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui A24: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\PlayReady\mspr.hds AA0: File (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui AA8: File (RW-) C:\Users\ncosa\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\PlayReady\mspr.hds ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 11712 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 180: Section \BaseNamedObjects\__ComCatalogCache__ 1E0: Section \BaseNamedObjects\__ComCatalogCache__ 1E4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ svchost.exe pid: 4580 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui ------------------------------------------------------------------------------ HxOutlook.exe pid: 16776 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe 1C4: Section \BaseNamedObjects\__ComCatalogCache__ 2FC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\windows_shell_global_counters 310: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 320: File (R-D) C:\Windows\System32\WinMetadata\Windows.System.winmd 3D4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\ApplicationService:41881d5969685e44625 4D4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\SessionImmersiveColorPreference 508: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a 5D0: File (RWD) C:\Windows\Fonts\segoeui.ttf 604: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a 67C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a 6DC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 75C: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\en-us\hxcommintl.dll 764: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a 768: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a 7A8: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a 7D0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a 7F8: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\office.odf 840: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\msoimm.dll 850: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\en-us\msointl30_winrt.dll 860: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\en-us\msointlimm.dll 8B0: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\HxOutlook.Resources.dll 8BC: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\en-us\hxoutlookintl.dll 8E0: File (R-D) C:\Users\ncosa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl 900: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.Xaml.winmd 974: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a 978: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a A04: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.winmd AF0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\windows_webcache_counters_{00000000-5d8e-4eed-b3fa-e30684411323} AF4: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 B4C: File (R-D) C:\Windows\System32\WinMetadata\Windows.Security.winmd BB4: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 BC0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\UrlZonesSM_NC&CC BD4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\4188HWNDInterface:5055a CC0: File (RWD) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\images\offsymb.ttf CC8: File (RWD) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\images\offsymb.ttf CD0: File (RWD) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf CD8: File (RWD) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf CE0: File (RWD) C:\Windows\Fonts\segoeuisl.ttf CE8: File (RWD) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\images\offsym.ttf CF0: File (RWD) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\images\offsym.ttf CF8: File (RWD) C:\Windows\Fonts\seguisb.ttf D00: File (RWD) C:\Windows\Fonts\segoeuil.ttf D10: File (R-D) C:\Windows\System32\en-US\windows.ui.xaml.dll.mui D24: File (R-D) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\images\EmptyView.scale-100.png D34: File (R-D) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\images\bg1a.jpg DB8: File (RWD) C:\Windows\Fonts DE4: File (RWD) C:\Windows\Fonts\arialbd.ttf E70: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\en-us\wintlim.dll E74: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui EC4: File (RWD) C:\Windows\Fonts\segoeuib.ttf F64: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui F70: File (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui ------------------------------------------------------------------------------ RuntimeBroker.exe pid: 17456 DESKTOP-H6803IC\NC&CC 48: File (RW-) C:\Windows\System32 168: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 180: Section \BaseNamedObjects\__ComCatalogCache__ 1FC: Section \BaseNamedObjects\__ComCatalogCache__ 3CC: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 460: File (R--) C:\Windows\Registration\R000000000001.clb 4A4: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 4A8: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 4AC: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 4B0: Section \Sessions\7\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 4C8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui ------------------------------------------------------------------------------ HxTsr.exe pid: 14544 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe 1C8: Section \BaseNamedObjects\__ComCatalogCache__ 2A0: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\windows_shell_global_counters 30C: File (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui 310: File (R-D) C:\Windows\System32\WinMetadata\Windows.System.winmd 38C: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\ApplicationService:38d01d5969686092960 41C: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\office.odf 428: File (R--) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\en-us\hxcommintl.dll 444: File (R-D) C:\Users\ncosa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl 474: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\HxInstanceManager_Mapping 478: File (RW-) C:\Users\ncosa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxStore.hxd 4DC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 5D0: Section \Sessions\7\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-3643095105-563391038-1683927447-1001 5D4: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\windows_webcache_counters_{00000000-5d8e-4eed-b3fa-e30684411323} 60C: File (R-D) C:\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd 6C4: Section \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 7FC: Section \Sessions\7\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\UrlZonesSM_NC&CC 914: File (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui 91C: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui A50: File (R-D) C:\Windows\System32\WinMetadata\Windows.UI.winmd ------------------------------------------------------------------------------ svchost.exe pid: 16020 \ 48: File (RW-) C:\Windows\System32 14C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 210: File (R--) C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat ------------------------------------------------------------------------------ svchost.exe pid: 3008 NT AUTHORITY\SYSTEM 48: File (RW-) C:\Windows\System32 134: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui 16C: File (R-D) C:\Windows\System32\en-US\netmsg.dll.mui 290: Section \BaseNamedObjects\windows_shell_global_counters 2AC: Section \BaseNamedObjects\__ComCatalogCache__ 2B8: Section \BaseNamedObjects\__ComCatalogCache__ 2DC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui 3FC: File (R-D) C:\Windows\System32\en-US\msxml6r.dll.mui 404: File (R-D) C:\Windows\System32\en-US\netmsg.dll.mui 4D4: File (R-D) C:\Windows\System32\en-US\winnlsres.dll.mui 584: File (R-D) C:\Windows\System32\en-US\mswsock.dll.mui 5E4: File (R-D) C:\Windows\System32\en-US\crypt32.dll.mui 654: File (R--) C:\Windows\Registration\R000000000001.clb 694: File (R-D) C:\Windows\System32\en-US\SHCore.dll.mui ------------------------------------------------------------------------------ audiodg.exe pid: 2088 NT AUTHORITY\LOCAL SERVICE 40: File (RW-) C:\Windows\System32 184: File (R-D) C:\Windows\System32\en-US\audiodg.exe.mui 1A4: Section \BaseNamedObjects\__ComCatalogCache__ 1FC: Section \BaseNamedObjects\__ComCatalogCache__ 4C4: File (R--) C:\Windows\Registration\R000000000001.clb ------------------------------------------------------------------------------ cmd.exe pid: 11948 DESKTOP-H6803IC\NC&CC 40: File (RW-) C:\Windows\System32 58: File (R--) C:\Users\ncosa\Desktop\handle_output.txt 11C: File (R-D) C:\Windows\System32\en-US\cmd.exe.mui ------------------------------------------------------------------------------ conhost.exe pid: 10632 DESKTOP-H6803IC\NC&CC 44: File (RW-) C:\Windows 124: File (R-D) C:\Windows\System32\en-US\Conhost.exe.mui 190: File (R-D) C:\Windows\System32\en-US\propsys.dll.mui 1A4: Section \Sessions\7\BaseNamedObjects\windows_shell_global_counters 200: Section \BaseNamedObjects\__ComCatalogCache__ 204: File (R--) C:\Windows\Registration\R000000000001.clb 214: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 218: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000043.db 21C: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro 220: Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 260: Section \BaseNamedObjects\windows_shell_global_counters 304: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui 314: Section \Windows\Theme549371317 31C: Section \Sessions\7\Windows\Theme3425282097 320: File (R-D) C:\Windows\System32\en-US\user32.dll.mui 328: Section \Sessions\7\BaseNamedObjects\SessionImmersiveColorPreference 32C: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.449_none_e6c7b265130c70a7 334: File (R-D) C:\Windows\Fonts\StaticCache.dat 364: Section \BaseNamedObjects\__ComCatalogCache__ ------------------------------------------------------------------------------ handle64.exe pid: 13528 DESKTOP-H6803IC\NC&CC 44: File (RW-) C:\Windows\System32 58: File (R--) C:\Users\ncosa\Desktop\handle_output.txt 88: File (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.449_none_2a26bd6c466ab812