2decc472...98a2

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0x56c	Analysis Target	High (Elevated)	twitchru.exe	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"	-
#3	0xcb4	Child Process	High (Elevated)	cmd.exe	cmd /c vssadmin delete shadows /all /quiet	#1
#4	0xcc0	Child Process	High (Elevated)	vssadmin.exe	vssadmin delete shadows /all /quiet	#3
#5	0xd18	Child Process	High (Elevated)	twitchru.exe	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"	#1
#6	0xd64	Child Process	High (Elevated)	werfault.exe	C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 23912	#1
#7	0x784	Autostart	Medium	twitchru.exe	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"	-
#9	0x36c	Child Process	Medium	cmd.exe	cmd /c vssadmin delete shadows /all /quiet	#7
#10	0x860	Child Process	Medium	vssadmin.exe	vssadmin delete shadows /all /quiet	#9
#11	0xad0	Child Process	Medium	twitchru.exe	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"	#7
#12	0xabc	Child Process	Medium	werfault.exe	C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 23928	#7
#13	0x9d8	Child Process	Medium	werfault.exe	C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 592	#7
#14	0x55c	Child Process	Medium	twitchru.exe	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"	#7

Behavior Information - Grouped by Category

Process #1: twitchru.exe

3727

Information	Value
ID	#1
File Name	c:\users\ciihmnxmn6ps\desktop\twitchru.exe
Command Line	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"
Initial Working Directory	C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor	Start Time: 00:01:00, Reason: Analysis Target
Unmonitor	End Time: 00:02:31, Reason: Crashed
Monitor Duration	00:01:31

OS Process Information

Information	Value
PID	0x56c
Parent PID	0x508 (c:\windows\explorer.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 898 0x 534 0x 16C 0x 8C8 0x 658 0x C8C 0x C90 0x D10

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	rw	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	rw	-
private_0x0000000000020000	0x00020000	0x00023fff	Private Memory	rw	-
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	rw	-
pagefile_0x0000000000040000	0x00040000	0x00053fff	Pagefile Backed Memory	r	-
private_0x0000000000060000	0x00060000	0x0009ffff	Private Memory	rw	-
private_0x00000000000a0000	0x000a0000	0x0019ffff	Private Memory	rw	-
pagefile_0x00000000001a0000	0x001a0000	0x001a3fff	Pagefile Backed Memory	r	-
pagefile_0x00000000001b0000	0x001b0000	0x001b0fff	Pagefile Backed Memory	r	-
private_0x00000000001c0000	0x001c0000	0x001c1fff	Private Memory	rw	-
private_0x00000000001d0000	0x001d0000	0x0020ffff	Private Memory	rw	-
private_0x0000000000210000	0x00210000	0x00210fff	Private Memory	rw	-
private_0x0000000000220000	0x00220000	0x0022ffff	Private Memory	rw	-
locale.nls	0x00230000	0x002edfff	Memory Mapped File	r	-
private_0x00000000002f0000	0x002f0000	0x003effff	Private Memory	rw	-
oleaccrc.dll	0x003f0000	0x003f1fff	Memory Mapped File	r	-
twitchru.exe	0x00400000	0x0048afff	Memory Mapped File	rwx	... Region Actions Download Dump
private_0x0000000000490000	0x00490000	0x004cffff	Private Memory	rw	-
private_0x00000000004d0000	0x004d0000	0x0050ffff	Private Memory	rw	-
private_0x0000000000510000	0x00510000	0x00511fff	Private Memory	rw	-
private_0x0000000000520000	0x00520000	0x00520fff	Private Memory	rw	-
private_0x0000000000530000	0x00530000	0x0053ffff	Private Memory	rw	-
private_0x0000000000540000	0x00540000	0x00543fff	Private Memory	rw	-
private_0x0000000000550000	0x00550000	0x0058ffff	Private Memory	rw	-
private_0x0000000000590000	0x00590000	0x0059ffff	Private Memory	rw	-
private_0x00000000005a0000	0x005a0000	0x0069ffff	Private Memory	rw	-
private_0x00000000006a0000	0x006a0000	0x0079ffff	Private Memory	rw	-
private_0x00000000007a0000	0x007a0000	0x0089ffff	Private Memory	rw	-
pagefile_0x00000000008a0000	0x008a0000	0x00a27fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000a30000	0x00a30000	0x00bb0fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000bc0000	0x00bc0000	0x01fbffff	Pagefile Backed Memory	r	-
private_0x0000000001fc0000	0x01fc0000	0x020dffff	Private Memory	rw	-
private_0x0000000001fc0000	0x01fc0000	0x020bffff	Private Memory	rw	-
private_0x00000000020c0000	0x020c0000	0x020c3fff	Private Memory	rw	-
private_0x00000000020d0000	0x020d0000	0x020dffff	Private Memory	rw	-
private_0x00000000020e0000	0x020e0000	0x0211ffff	Private Memory	rw	-
pagefile_0x00000000020e0000	0x020e0000	0x020e0fff	Pagefile Backed Memory	r	-
pagefile_0x00000000020e0000	0x020e0000	0x020e3fff	Pagefile Backed Memory	r	-
private_0x00000000020f0000	0x020f0000	0x020f3fff	Private Memory	rw	-
pagefile_0x0000000002100000	0x02100000	0x02106fff	Pagefile Backed Memory	rw	-
private_0x0000000002110000	0x02110000	0x0211ffff	Private Memory	rw	-
private_0x0000000002120000	0x02120000	0x0219ffff	Private Memory	rw	-
sortdefault.nls	0x021a0000	0x024d6fff	Memory Mapped File	r	-
pagefile_0x00000000024e0000	0x024e0000	0x02597fff	Pagefile Backed Memory	r	-
pagefile_0x00000000025a0000	0x025a0000	0x025a1fff	Pagefile Backed Memory	r	-
windowsshell.manifest	0x025b0000	0x025b0fff	Memory Mapped File	r	-
pagefile_0x00000000025b0000	0x025b0000	0x025b0fff	Pagefile Backed Memory	r	-
private_0x00000000025b0000	0x025b0000	0x025b0fff	Private Memory	rw	-
pagefile_0x00000000025c0000	0x025c0000	0x025c1fff	Pagefile Backed Memory	r	-
private_0x00000000025d0000	0x025d0000	0x025dbfff	Private Memory	rwx	-
private_0x00000000025e0000	0x025e0000	0x025e0fff	Private Memory	rw	-
private_0x00000000025f0000	0x025f0000	0x025f0fff	Private Memory	rw	-
private_0x0000000002600000	0x02600000	0x02600fff	Private Memory	rw	-
private_0x0000000002610000	0x02610000	0x0270ffff	Private Memory	rw	-
private_0x0000000002710000	0x02710000	0x02710fff	Private Memory	rwx	-
private_0x0000000002710000	0x02710000	0x0271ffff	Private Memory	rw	-
pagefile_0x0000000002710000	0x02710000	0x02717fff	Pagefile Backed Memory	rw	-
private_0x0000000002720000	0x02720000	0x0281ffff	Private Memory	rw	-
private_0x0000000002820000	0x02820000	0x02a1ffff	Private Memory	rw	-
private_0x0000000002a20000	0x02a20000	0x02b1ffff	Private Memory	rw	-
private_0x0000000002b20000	0x02b20000	0x02b33fff	Private Memory	rw	-
private_0x0000000002b20000	0x02b20000	0x02b5ffff	Private Memory	rw	-
private_0x0000000002b60000	0x02b60000	0x02c5ffff	Private Memory	rw	-
pagefile_0x0000000002c60000	0x02c60000	0x02c60fff	Pagefile Backed Memory	rw	-
pagefile_0x0000000002c60000	0x02c60000	0x02c6dfff	Pagefile Backed Memory	rw	-
private_0x0000000002c60000	0x02c60000	0x02c65fff	Private Memory	rw	-
private_0x0000000002c60000	0x02c60000	0x02c60fff	Private Memory	rw	-
pagefile_0x0000000002c70000	0x02c70000	0x02cecfff	Pagefile Backed Memory	rw	-
pagefile_0x0000000002c70000	0x02c70000	0x02c71fff	Pagefile Backed Memory	rw	-
private_0x0000000002c70000	0x02c70000	0x02c76fff	Private Memory	rw	-
private_0x0000000002c80000	0x02c80000	0x02c80fff	Private Memory	rw	-
wow64cpu.dll	0x64ae0000	0x64ae7fff	Memory Mapped File	rwx	-
wow64win.dll	0x64af0000	0x64b62fff	Memory Mapped File	rwx	-
wow64.dll	0x64b70000	0x64bbefff	Memory Mapped File	rwx	-
ntmarta.dll	0x74700000	0x74727fff	Memory Mapped File	rwx	-
userenv.dll	0x74730000	0x74748fff	Memory Mapped File	rwx	-
rsaenh.dll	0x74750000	0x7477efff	Memory Mapped File	rwx	-
cryptsp.dll	0x74780000	0x74792fff	Memory Mapped File	rwx	-
winsta.dll	0x747a0000	0x747e3fff	Memory Mapped File	rwx	-
comctl32.dll	0x747f0000	0x749f8fff	Memory Mapped File	rwx	-
srvcli.dll	0x74a00000	0x74a1bfff	Memory Mapped File	rwx	-
netutils.dll	0x74a20000	0x74a29fff	Memory Mapped File	rwx	-
winnsi.dll	0x74a30000	0x74a37fff	Memory Mapped File	rwx	-
bcrypt.dll	0x74a40000	0x74a5afff	Memory Mapped File	rwx	-
wmiclnt.dll	0x74a60000	0x74a6dfff	Memory Mapped File	rwx	-
iphlpapi.dll	0x74a70000	0x74a9ffff	Memory Mapped File	rwx	-
wkscli.dll	0x74aa0000	0x74aaffff	Memory Mapped File	rwx	-
traffic.dll	0x74ab0000	0x74abbfff	Memory Mapped File	rwx	-
wtsapi32.dll	0x74ac0000	0x74acefff	Memory Mapped File	rwx	-
comctl32.dll	0x74ad0000	0x74b61fff	Memory Mapped File	rwx	-
netapi32.dll	0x74b70000	0x74b82fff	Memory Mapped File	rwx	-
oleacc.dll	0x74b90000	0x74be2fff	Memory Mapped File	rwx	-
version.dll	0x74bf0000	0x74bf7fff	Memory Mapped File	rwx	-
dwmapi.dll	0x74c00000	0x74c1cfff	Memory Mapped File	rwx	-
uxtheme.dll	0x74c20000	0x74c94fff	Memory Mapped File	rwx	-
apphelp.dll	0x74ca0000	0x74d30fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74d40000	0x74d98fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74da0000	0x74da9fff	Memory Mapped File	rwx	-
sspicli.dll	0x74db0000	0x74dcdfff	Memory Mapped File	rwx	-
kernelbase.dll	0x74e70000	0x74fe5fff	Memory Mapped File	rwx	-
cfgmgr32.dll	0x75220000	0x75255fff	Memory Mapped File	rwx	-
kernel32.dll	0x75260000	0x7534ffff	Memory Mapped File	rwx	-
powrprof.dll	0x753b0000	0x753f3fff	Memory Mapped File	rwx	-
imm32.dll	0x75400000	0x7542afff	Memory Mapped File	rwx	-
shell32.dll	0x75430000	0x767eefff	Memory Mapped File	rwx	-
profapi.dll	0x76810000	0x7681efff	Memory Mapped File	rwx	-
ole32.dll	0x768b0000	0x76999fff	Memory Mapped File	rwx	-
ws2_32.dll	0x769b0000	0x76a0bfff	Memory Mapped File	rwx	-
advapi32.dll	0x76a10000	0x76a8afff	Memory Mapped File	rwx	-
setupapi.dll	0x76a90000	0x76c34fff	Memory Mapped File	rwx	-
sechost.dll	0x76c40000	0x76c82fff	Memory Mapped File	rwx	-
oleaut32.dll	0x76c90000	0x76d21fff	Memory Mapped File	rwx	-
msasn1.dll	0x76d30000	0x76d3dfff	Memory Mapped File	rwx	-
rpcrt4.dll	0x76d90000	0x76e3bfff	Memory Mapped File	rwx	-
combase.dll	0x76e40000	0x76ff9fff	Memory Mapped File	rwx	-
gdi32.dll	0x77000000	0x7714cfff	Memory Mapped File	rwx	-
user32.dll	0x77150000	0x7728ffff	Memory Mapped File	rwx	-
shlwapi.dll	0x77290000	0x772d3fff	Memory Mapped File	rwx	-
shcore.dll	0x77340000	0x773ccfff	Memory Mapped File	rwx	-
nsi.dll	0x773e0000	0x773e6fff	Memory Mapped File	rwx	-
windows.storage.dll	0x773f0000	0x778ccfff	Memory Mapped File	rwx	-
msctf.dll	0x778d0000	0x779effff	Memory Mapped File	rwx	-
msvcrt.dll	0x779f0000	0x77aadfff	Memory Mapped File	rwx	-
crypt32.dll	0x77ab0000	0x77c24fff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x77c30000	0x77c3bfff	Memory Mapped File	rwx	-
ntdll.dll	0x77ca0000	0x77e18fff	Memory Mapped File	rwx	-
private_0x000000007fea7000	0x7fea7000	0x7fea9fff	Private Memory	rw	-
private_0x000000007feaa000	0x7feaa000	0x7feacfff	Private Memory	rw	-
private_0x000000007fead000	0x7fead000	0x7feaffff	Private Memory	rw	-
pagefile_0x000000007feb0000	0x7feb0000	0x7ffaffff	Pagefile Backed Memory	r	-
pagefile_0x000000007ffb0000	0x7ffb0000	0x7ffd2fff	Pagefile Backed Memory	r	-
private_0x000000007ffd5000	0x7ffd5000	0x7ffd7fff	Private Memory	rw	-
private_0x000000007ffd8000	0x7ffd8000	0x7ffdafff	Private Memory	rw	-
private_0x000000007ffdb000	0x7ffdb000	0x7ffddfff	Private Memory	rw	-
private_0x000000007ffde000	0x7ffde000	0x7ffdefff	Private Memory	rw	-
private_0x000000007ffdf000	0x7ffdf000	0x7ffdffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7ff8ee37ffff	Private Memory	r	-
ntdll.dll	0x7ff8ee380000	0x7ff8ee541fff	Memory Mapped File	rwx	-
private_0x00007ff8ee542000	0x7ff8ee542000	0x7ffffffeffff	Private Memory	r	-

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x00000000025d0000:+0x3994	130. entry of twitchru.exe	4 bytes	kernel32.dll:TerminateProcess+0x0 now points to kernel32.dll:+0x10000	... Actions Go to Installer Region Go to Target Region

Created Files

Filename	File Size	Hash Values	Actions
C:\\Boot\BCD.LOG.gsg	0.14 KB	MD5: 85d7498a586d52fc41baaeba006f8721 SHA1: d8283254eb9bda0dd61bc0318e40af2f81c1f747 SHA256: c7521952db533dbe9d3861f161bf44bdded8eb6873d1a8ba1a701e4b244abcfe SSDeep: 3:r3rGvRBb4ZK6tFD5BwblDC4DgCz9Us632OxRtmzQSiowIOn:DKvRgK+HyJe4RoREXw	... File Actions Show Properties Download
C:\\Boot\Resources\en-US\bootres.dll.mui.gsg	0.14 KB	MD5: 3534970c4d297e22fafe28df312a0e55 SHA1: 511cbb75fbcb907d6e0160709dc1b770f460b60c SHA256: 8582a94c4cc53ce285c89483ae34dd1230d0e6e460981e7593cb2754d28b9732 SSDeep: 3:DL8pf4KDf712p6q7YYqshZQbnAP29G+mTani26Bh4LbUF0h2WYIj8:DL8p9RqcHoQbAP2IjIi5hGbUF058	... File Actions Show Properties Download
C:\\Boot\pl-PL\bootmgr.exe.mui.gsg	0.14 KB	MD5: c692364f94b80fe64eb3645b82bd8584 SHA1: ac19fef5cf991bf1c705d7656efd64532a56fff7 SHA256: 95c2e02115254d0c16ac1c15195f03462a2ce75878d1e83208b1926b0b10fe07 SSDeep: 3:rxkTsWg/NNncePoDgZdl3FjLqLfv8KVziXbRHYKZJGrGrqE:rvNxLxZLqL8KViLJarGrqE	... File Actions Show Properties Download
C:\\Boot\hr-HR\bootmgr.exe.mui.gsg	0.14 KB	MD5: 9415b88f84b4b7ca87e0374fcfa78026 SHA1: d07ee299d1517a9da5423f3f8fa7aa2ed711fe7b SHA256: db30e6ca23a334d0492431bb728e7227cbd285df15ab873c2a7831cfb6b95c79 SSDeep: 3:EIzHFCN5SFV1LrSmakksDFLcPY5FZvjs8qBOi8cNmlfNNloCmPn:EIpBLrSmahsdcPiRj2BOJNNbloCmP	... File Actions Show Properties Download
C:\\Boot\tr-TR\bootmgr.exe.mui.gsg	0.14 KB	MD5: e9bf3290d54e5975e36e0a76881efe89 SHA1: c3612d4ab8dffbc8e5931f1bac40ce62fcb6ff3c SHA256: f7b86810b9c773652f56a24eba7f481b65c11d98a76720a3d608fe49a01452cb SSDeep: 3:1A+9AHBSsX/uI+4mMV+4l9nOC63Z+MFF4w6SYFuGma+e3rWYIj8:199AQsXmI+rMVH9n0sSyBnFuGWB8	... File Actions Show Properties Download
C:\\Boot\tr-TR\memtest.exe.mui.gsg	0.14 KB	MD5: 4368417663ad5555f6b445aad675cb6a SHA1: 12cea8c1445e29186a47f29f02f087dde80411f3 SHA256: 199817a6cbe9e118dd19a79a3f289054263d3f2da61669c826601c0215357dca SSDeep: 3:4APzb3CHy5zEk7QiaX+hn3EJCHx3dQiNTWbPiimschHGN40J3YIj8:4APHVEk7QJU0JEx3pNTcaPscBKb/8	... File Actions Show Properties Download
C:\\Boot\nb-NO\memtest.exe.mui.gsg	0.14 KB	MD5: c155cae71d383bd9ffa63952a74e23af SHA1: 49bda0ad9882916062b04ab5af1055b9bb7eb9bd SHA256: 1025b9553a5e86d17b21a1597c44b55f9ecf6c65870ca3a7c16d3eadb8f8734b SSDeep: 3:62VXMh29DsMMMsTv4lzdJ9QO34c3ppw0on27AAGrqE:62VchOpyv4NdEOIcXw0oncAAGrqE	... File Actions Show Properties Download
C:\\Boot\Fonts\jpn_boot.ttf.gsg	0.14 KB	MD5: 0f72786337a16eaa1c2c9225b686932a SHA1: 8f99d737c7b3bbe78677335108e7c3c2fe0c1a18 SHA256: f404458d6619bcb55b84bdd700a67fb00aad3e691b1fa8e6f1a228d64fa74d35 SSDeep: 3:q0TqrwYyInj5b/rOyGsb9+uteU/jCXgiA9fF/BuN0jy4cNeFUmPn:q0m0f+tOoeU/gWFgmO4cMOmP	... File Actions Show Properties Download
C:\\Boot\sk-SK\bootmgr.exe.mui.gsg	0.14 KB	MD5: 9dc2e5cd5cc1b2ff6d680328d72ed196 SHA1: 3b65c803b78fb7573d2aa2be55b6a36c077efbdf SHA256: 8b09ab3b98c78e21c3d094311283d70b829a96bfbf987a2a5d63140253fbc083 SSDeep: 3:VsgBFSArKmQ0M/DCLWnwcUYTrm/xTgHpR7K7SJAymF5+dYIj8:WgBoOBynwcUYnm/ZCpR7WSJp8	... File Actions Show Properties Download
C:\\Boot\Fonts\msjh_boot.ttf.gsg	0.14 KB	MD5: b50bf3a187b6138bfe4acf584446af5a SHA1: 30bbab060e5a2b5ed5c9c471693edb55e898fb95 SHA256: ce8c573598b7089d7d3dc7cd84a55f3a7c12af1d64b2c427f5fb499d97398488 SSDeep: 3:h/rijqDUcyTVuy1vaLMQX5wOeIy1Sz9bgABJuT5kpNaC0FmHLjz3JY7mPn:prHygLMsVy1S5pYkxCmHLj1omP	... File Actions Show Properties Download
C:\\Boot\cs-CZ\memtest.exe.mui.gsg	0.14 KB	MD5: be2ecdd02ac337362552e87aa445f364 SHA1: 034bdf40d335984bcd4a2bfc4cc94d0ae17620bd SHA256: 6ea48ede74011dcef1115039bc175e3f8a41d914535d96742b99dffae8dc2eab SSDeep: 3:Qw3rriPKBGfMAn2tJxLFj/GCYX+oR1HrpzERqxV/H8Ua5ZQuVowIOn:Qw3rOTMhtJxLx+bXhd4qPktZQQow	... File Actions Show Properties Download
C:\\Boot\hu-HU\memtest.exe.mui.gsg	0.14 KB	MD5: c5c059a9e15c3c8a52501ae3f24a40b3 SHA1: 70af3fa5bb6282b3727da68b899626966885993d SHA256: 882b5371cc9cd884e0ef88a851d88f918d1b55699d10a9e175fe87b10c8002a6 SSDeep: 3:ij2/hJWNiqLVWAxBQNvyiUMn8TEO7MurgvdOP1W2bpX4WmPn:w7Au54qrMn8Tn7vrg1OPUsX4WmP	... File Actions Show Properties Download
C:\\Boot\BOOTSTAT.DAT.gsg	64.14 KB	MD5: f79b78f4545e0dffaa929b96f438cb65 SHA1: e716ce423368d8f7a10051453f1c93e3b94cff9c SHA256: e6ebdc723d4efa541d5be0efdac83730519f651233e8280a1f815e6823587192 SSDeep: 1536:h9CiCqQ3DiuK77V7tnG0uEtYI7KDM6/TWTUC6neJq:dCfeuQRRn379UTWYRes	... File Actions Show Properties Download
C:\\Boot\zh-HK\bootmgr.exe.mui.gsg	0.14 KB	MD5: f1e35c0572dfef2e71368d921debe769 SHA1: 9ae39e7a4a24f468409da94ae6816dfb43248cb6 SHA256: fde64bbfafb0aba0f93687eaa851e52bfbb24d39ee769b94926c280d73af3b0b SSDeep: 3:J9cXECW9V6LYVHzrhnVjtbQl781Rzbt3Fjir3IYIj8:T066LYVhnVjtO781hbtVIi8	... File Actions Show Properties Download
C:\\Boot\fi-FI\memtest.exe.mui.gsg	0.14 KB	MD5: 21a4432be27c1279fc484b4d318aa2aa SHA1: edf4fde439db95e52da4fd25da970020bfb78af7 SHA256: 4ff4d9eadf986f7ecf16142789566c1b8a5cef3c87e00d79082ce0bb94cd6855 SSDeep: 3:kByDHLkijLrl9E2hVlVf6rMLuNRwLfpUu36EIczk9p3K7mPn:Xr9Lrl9E2hVH2RwLRaEIkmP	... File Actions Show Properties Download
C:\\Boot\it-IT\bootmgr.exe.mui.gsg	0.14 KB	MD5: c10848a0072420d18de459bbabef972f SHA1: 8de013364c3e521cee50f84cf078ceb4d365466b SHA256: fd5c11e3d3b51bbdc0857921049f2bcbc2098bddb820c122ea4226f985075939 SSDeep: 3:c575Sl1qCWmqSwLdZyRSkoSXcWUilPCihvpDkGlrXhCnRwpcrmPn:gIlPWO+HHkoAUvIvpIIO2gmP	... File Actions Show Properties Download
C:\\Boot\sv-SE\memtest.exe.mui.gsg	0.14 KB	MD5: d6bc9059250145c0299a59e53c5a00cc SHA1: b1647f51a1241537efd3d89a24ff3e19c89803d6 SHA256: 74f1268c3076bb539646aa7115a325122cc0c4e0ab85b3c3488c6dfc7cea6ce4 SSDeep: 3:/t/bn4lfrE6uvPhM/pzHL8ZnCQ9jqrUB0VuSvUOE9Wkg7n/+aWYIj8:p4lfrekpzHL8ZnT9WrK0VLxEck0/Q8	... File Actions Show Properties Download
C:\\Boot\et-EE\bootmgr.exe.mui.gsg	0.14 KB	MD5: 31a5f1cd18f3c7718c5a0a2cbbf5f539 SHA1: b49e6cddcbc4e68afa95e79a1f9a6083e34b0e60 SHA256: da45d349a8436fd9b23c2e6dbfc8a474f4180a5bc9a14281260608d0b2dc7432 SSDeep: 3:kyQiYl0CgSAShiUTrMUS+EOf9OdqKQjdbHftwcUElGDuOxsGOK7mPn:A0j+hiIrNNnf9TKqdb/CcUDxPOK7mP	... File Actions Show Properties Download
C:\\Boot\sr-Latn-RS\bootmgr.exe.mui.gsg	0.14 KB	MD5: 605acf524474b658ee30c7d367aca927 SHA1: 2da0ad2ae2f98d9ddcb7ee1554bd68d18d6f086a SHA256: b137e69ad2b537807f326f351c676833fc982cc6f5e10b80c57c9a9c6ce7542e SSDeep: 3:FQ3Hy6sl9PiB5rHQRIVgDjxNfuGVHu1dRfSOZylZOrcdIYIj8:IFsl9PiBdhYxNfr6dRfl8arSS8	... File Actions Show Properties Download
C:\\Boot\ro-RO\bootmgr.exe.mui.gsg	0.14 KB	MD5: 3ec0e2e1f0abd70e4ab2a1091d6e23e1 SHA1: 48b6b1dd33c8484fba5d013aadddcddbedc06ede SHA256: b303fc28ea50ef1099551f4657f337cddc7d3c6611a1a9e0022e9f04e5318231 SSDeep: 3:yPGTKYiZGqn0cr+BjV+XXyyv4mEVoqVIDIzhJhi5WYIj8:yebiZGDcr+BjV+XiZmyIM58	... File Actions Show Properties Download
C:\\Boot\Fonts\msyh_boot.ttf.gsg	0.14 KB	MD5: 170f4c1fdc5559979895c12aceeb5acb SHA1: 631650b95f7251b65ae662f57ba820b95fae6278 SHA256: eb51c8b1e48a890544e68d6144316e33241069bf485646cbcd39f83f1a993672 SSDeep: 3:S0yksteuarxr1zw1A6It/uXyUXEkt6/BRk8VrOWmPn:SksteuaxtqA6IN2Rk/BRLrOWmP	... File Actions Show Properties Download
C:\\Boot\pt-PT\bootmgr.exe.mui.gsg	0.14 KB	MD5: 176a2afda54be1b51fa1ff401ea4528a SHA1: b780d52f7b559ed2f33d0f52b44e8505b81419e4 SHA256: 1751970a739ba77e44ab7f4e38767338081a76f74fc5cf22a10b07fd88567663 SSDeep: 3:ovZx88fhtvH4pSGdobLRX1iaQ2MRRIflRC2iXWROdYIj8:oBVepSf/iDCN0eO/8	... File Actions Show Properties Download
C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.gsg	9.25 MB	MD5: c10cd607c7a73549e595e5572a7986da SHA1: f5a8401967c38244e0e2450b87ef672d75475760 SHA256: 8b7c4146b7f199f9ee8924d0c87a5c95b4f25b29ecd3bca1092ccd8ba6dbf991 SSDeep: 3:wAqemA8mA0gU/9XONRu8Pa1v7c+g5zMWDTbjgnbRBu9Itl:xmagmXODu8i1vD8YYbGs9	... File Actions Show Properties Download
C:\\Boot\zh-TW\bootmgr.exe.mui.gsg	0.14 KB	MD5: 916e552d636a15c3dee5bf1f06a0d463 SHA1: c02156206ecf5dd8d30d7dd6bd85937b3013a443 SHA256: 080151bf4897d65fadb570c7fec1ee4642d8f9ed995eb21fef0a5fd66788f85a SSDeep: 3:hLtnu2NP15htV3YKbI/19nBIUE/rKGxt0bTgodI7KzEh1an:h/1V3YKk7nTE/ptKsoW72rn	... File Actions Show Properties Download
C:\\Boot\fi-FI\bootmgr.exe.mui.gsg	0.14 KB	MD5: 58d505a19d644ab9908217434477835b SHA1: 427751f8064b0cf3191f387188ddbc3e2213cc1e SHA256: 58f5f926279b861e021844e560605f5c662560f349947a0a5547954e21c214f8 SSDeep: 3:oME66QBINKBtsIE+iqYNXWAyyoSvf6+U7ChpmFnk3eA067mPn:w66QBINAtsI1i4AXFfMChIdjmmP	... File Actions Show Properties Download
C:\\Boot\BCD.LOG.gsg	0.00 KB	MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3::	... File Actions Show Properties
C:\\Boot\en-US\bootmgr.exe.mui.gsg	0.14 KB	MD5: 0fab9f6875f39eccce20c9ddeb97d85c SHA1: 34449550f89994c72d709fb61c2fd5c13bac619c SHA256: bb7399ca15e9b506358e6d58b15dd4dcb6d1e76099a615c300631721a763ecc7 SSDeep: 3:/pdF/TgfP1+q8o/z0H0xNtsLgCt/E34hDGBvXjyKywIOn:RdhAmVHYtsh/E3EDGBvXjZyw	... File Actions Show Properties Download
C:\\Boot\es-MX\bootmgr.exe.mui.gsg	0.14 KB	MD5: e3774d1e2ef3415f96da75402c7fc5bb SHA1: 3779e8a006f057b6381a3c5485a5d73af22ad911 SHA256: aaa19aa85f75e0f72a9eb4d54580cfd6e1716a137dca61baa90eb3a36195aaae SSDeep: 3:04cYuLcXGjrPpZFeOOX9fSnDcrk9xp/DhRcwyeDtm5owIOn:0+u4XG5Z1OX9fAcrk9xhwoDwyw	... File Actions Show Properties Download
C:\\Boot\qps-ploc\bootmgr.exe.mui.gsg	0.14 KB	MD5: 3a7d54b403891b0c2823185f1e7221d3 SHA1: 013a37bd25e0ccc8da773a06ed9bd3e6f7209230 SHA256: f1ddbcc4b74d19eede385057307c0c18163578e58dd69df3f70bbb7e9e7d0f37 SSDeep: 3:tJ5H7JhTVhQk/oFPvSOpuCbnB8N7fQUJJWYIj8:tjNxVhQ9FPvrpuCbKpfVQ8	... File Actions Show Properties Download
C:\\Boot\fr-FR\memtest.exe.mui.gsg	0.14 KB	MD5: bd61c18227e8cca00435a290e1bf77ee SHA1: 1e05e79edaf740d87af66f628a1482eeebebfe8a SHA256: 5c494b1185e79ed93b50bce1e31d29ae56448bcce31e44fddbc25b0b2dd2fbac SSDeep: 3:xzOBuD0l2o23bYbPVbDueAjecNVzChDWC8gbmPn:1OBuK23bYbPVnurjeczuhDKgbmP	... File Actions Show Properties Download
C:\\Boot\zh-TW\memtest.exe.mui.gsg	0.14 KB	MD5: 5b578ec6e293cad6661dcb548e740e4f SHA1: 8c22e865554c91ee4b60142067ef2bdd72ba992e SHA256: d4b12718921577e307eb67eceab1222e5afe5b38e7139c2b213c873512dbc4ce SSDeep: 3:i1phWk0OdXzYv/vX8HyXJ3bXdPJGZ6R13B6PLH1lOvU0NWDI82+/1an:uWMdjYvX7XJ7dLB6Pz1lOTWDXMn	... File Actions Show Properties Download
C:\\$Recycle.Bin\S-1-5-18\README_BACK_FILES.htm	1.48 KB	MD5: 56373bb54816fb925e7f19f9f84734b8 SHA1: a88734c21b9159bbf4c6a3adea476161c143e37d SHA256: 640f4bd8e66ff0183a86a5df3d765a3f848e73143a273a94d8d629ba54f1b9e0 SSDeep: 24:kpblCZLunyZkghcmaq1k28+KFJGnTFpVvYycT31UnKqf1AXaeyYaT:CCD+gWmaqi22FJS0BUh14y	... File Actions Show Properties Download
C:\\Boot\Fonts\segoe_slboot.ttf.gsg	0.14 KB	MD5: 2e801cbc882ceaa34d2af90861ddadeb SHA1: 4ba7b4cc427ca7bc00557141f4db8ecc49073bb6 SHA256: 4ddd5e87aede74225e9ffa0adea33babb1ec00df2b2e11386626e0679b42e612 SSDeep: 3:+reUTUFd5a1kA/d+coMrGb4OI9Fw/idu5Moff9G/58iDNl7mPn:+rPU1kvWXMsqduMQ9G/ZDNl7mP	... File Actions Show Properties Download
C:\\Boot\bg-BG\bootmgr.exe.mui.gsg	0.14 KB	MD5: 4d91a01fb597958cb6d9359e9b17bd12 SHA1: ce5caf192740da8b5321d009d3c5f10e50c1df19 SHA256: 8498330765a27a3c5cc5650519b05718e75c74d5adc208f77793f9542a833f37 SSDeep: 3:IplUjPtHHji+ZXCzYW8PcPCCLuQ//3hCiAlwIOn:IfUjVnJXQ9PCCLfxCiAlw	... File Actions Show Properties Download
C:\\Boot\Fonts\segmono_boot.ttf.gsg	0.14 KB	MD5: 5ba46da5059c2947a649c589693025fc SHA1: aad79489d6d72808fcd33400f38fd555ff90472c SHA256: 22494d8e411c3e432e43f777c7c149d4ec38f348e2f74ad6727dde1ad069a157 SSDeep: 3:hWLpNYk/61B3Isr7TxPpVRX0nkCxX3Jl//pwiVeXMnNm0l7mPn:0LL0+K7TBpVl0kkP/NVe6Dl7mP	... File Actions Show Properties Download
C:\\Boot\es-ES\bootmgr.exe.mui.gsg	0.14 KB	MD5: 5729b959f213ccb50a8f812f82f84954 SHA1: 1cbc0f4a28b966078237ba21208486e1c2bd61a8 SHA256: 9c466fc1e4b54c8ef2df9792c972538b3226c11ad122e3acdde8841bfde03492 SSDeep: 3:5KRMurdg5PNC9Ud/e98I39FbPHQuMw1mra7gLQGoFgXK5alwIOn:ERMurGoWw39FrQaJMEGYgXK5alw	... File Actions Show Properties Download
C:\\Boot\zh-HK\memtest.exe.mui.gsg	0.14 KB	MD5: d2d814ecb470bdcb74ff11b82f77108b SHA1: 552722a2fcd886800e2b8cb75e5b198f4e1e079b SHA256: 83e1f6de9d9a64404f559ebebabd6ce1e1d1707cfed9b03b52a448ef18d88f22 SSDeep: 3:qqx2THKnV+Pqn3rR947WyvADQ2rzbYT49JHH3w3PDreLlmQFsOdYIj8:qqwTqUyn3r01vGrzMC3wfPeL0Qv/8	... File Actions Show Properties Download
C:\\Boot\Fonts\chs_boot.ttf.gsg	0.14 KB	MD5: 3d69c55a1c77678b352e33071279976f SHA1: 9715fa552e4ba85dc29466150b9c82f8c5600ee1 SHA256: 7cc66c59a54f4a6489daa773d03c2183e83fe629cf70b59b6c2778f552e27715 SSDeep: 3:9sz9aj4o2kfMwsjEO2AkU1uloRV5ywu+FeGPjWFeY4h3pYK7mPn:QSr2W4EO2AkiRVru+FeGPaFeY4hpn7mP	... File Actions Show Properties Download
C:\\Boot\el-GR\bootmgr.exe.mui.gsg	0.14 KB	MD5: 38d32ee9bdf6ed8aff49149d5eefb7b7 SHA1: f0ccf69043d54938f0c590a340e7be71ca3245d6 SHA256: 931e9128cba996d91c2651b876f114a7637fd3750c4bd0278a23aa84f5bf62bd SSDeep: 3:h10C4cMuEh9Y5ntiA+z5kEihki079T3ggdsalwIOn:h10C4993Y5noA+z5Qutugdsalw	... File Actions Show Properties Download
C:\\pagefile.sys.gsg	0.14 KB	MD5: 5cd596e95ed9f3a4ba0f53a5d5df37fc SHA1: 180a0eb01ff6a96c78b5d015c79a2161fb74ea66 SHA256: f7437995cce2603c2ebeb9db4c668f6f5feae4ef2c67c0d327eed960d9e6bfac SSDeep: 3:lE9vY4uD1v8KnmQkAn0RQLqgTZZFvaOwYcVrp6YZvphazxkH1an:lEi9mKmxA0SLqgVeOXc5UYvhaznn	... File Actions Show Properties Download
C:\\Boot\sv-SE\bootmgr.exe.mui.gsg	0.14 KB	MD5: b965ca0e9cf1f53d9259df342d586c0b SHA1: 579a932a480c29217239176de11d699fa1fde2d6 SHA256: 1585d5c9601a548be154544b7e737b8585a4bfb003771f60868c978e79395202 SSDeep: 3:zAiYNllJsxt+pwmO5zw13ScZDubChze74Z1TclJt6YIj8:8NJpwmO5zmSoDUCxk4LTUU8	... File Actions Show Properties Download
C:\\Boot\fr-FR\bootmgr.exe.mui.gsg	0.14 KB	MD5: 777bb33a1e5022db9398f058dc19d59e SHA1: f4a1d99df964bad53b7c8a1d6661526b8dce5504 SHA256: 3dad2ca37f64249cceb3382b5b2b2ef35165b19911a3900c8ccb22bf9a712935 SSDeep: 3:70+h6QeGN7me8TZ1mWIJ6hryKmnHeqo/7Pi5hZbvUinbWp77mPn:70+h6dqSDh9IY7Pi5YigmP	... File Actions Show Properties Download
C:\\Boot\lv-LV\bootmgr.exe.mui.gsg	0.14 KB	MD5: ecf153979671715541c162b89575bc88 SHA1: 1498721c71d2680987b732daa65184821dcc645f SHA256: 0f558cecba56d4f058cf5b2ebd37b9942add7cc0b91081cad0688b2968aaf42d SSDeep: 3:ppZ3drDV5c1upo4+VL9naW/XYcx0euKIA6S4EHu19uK0/o5AGrqE:p3ZV5HpPonrgiIxSQ9unkAGrqE	... File Actions Show Properties Download
C:\\Boot\pl-PL\memtest.exe.mui.gsg	0.14 KB	MD5: d753ff42b723a5b570abf1f9d38757ae SHA1: 99bc09fa69dd07dc0979bf8e2c84dbaaaea063cd SHA256: d1c0ebeafb7d5d70721bfe50ebc3ffadc695775cb163d844edaf0d2eab9a8741 SSDeep: 3:KDBDL0FM4xYJMxg/WEm1ZP4dPS+rAjnw6eFY1V5NIYIj8:KFL0iMW/5IP4dPTUzwQi8	... File Actions Show Properties Download
C:\\Boot\ru-RU\bootmgr.exe.mui.gsg	0.14 KB	MD5: 6ee421653ec37c89e6566a0611290708 SHA1: 8bc332386f7db4d96a907b263eeef06aa9312bc1 SHA256: 5660ad2748c3a39778d98e1d55fda0bd0334a1a429280a7bbca05bbe74640be9 SSDeep: 3:eYHJS3/qL+YgVLS3ZCwcNnzZmH4lWV56o9OD/A/pBgwvSWYIj8:eibL+YMuAwl9MDoBgw/8	... File Actions Show Properties Download
C:\\Boot\es-ES\memtest.exe.mui.gsg	0.14 KB	MD5: 8e0bf91b0575614dc4da2c90b7f5ad6e SHA1: 76aa178d9396d234100c1f3a73c2cc14240608dd SHA256: e4d87be7be12502c25fd38f9f7d7753aa596e24448920dbe0e420cb5204462e3 SSDeep: 3:U8EhTGexE9Sbg8bzDF+OGM/WVXhuujCfFf/9A2huFywIOn:sTG8sog6R+OXWNhu+WFu5Fyw	... File Actions Show Properties Download
C:\\Boot\zh-CN\bootmgr.exe.mui.gsg	0.14 KB	MD5: 565843df9afcd6e44f7588c3097a44e1 SHA1: 175e3dabb4fb7328f009f8c54b91ba5b6291ee42 SHA256: 5fa1a99b4e58cffbf2e1911c47a1d7a76d7afad6e04151d2e373d487bd82af81 SSDeep: 3:eH+JbijaMu6qiKFRSSLSizsTod6SgGGfvUY4AvcOM1QIYIj8:eeVimMu6/ES4SiQoIKcUY4Tp1QS8	... File Actions Show Properties Download
C:\\Boot\qps-ploc\memtest.exe.mui.gsg	0.14 KB	MD5: f578d429be2be425c1fa57006deac87e SHA1: b5540578fcec3fde241813ebb00136d9f9160972 SHA256: 65e04c7a6b0cbd54ab4d83598f9c4ca8c2a851d8f232d4fe4ddfc9f823823689 SSDeep: 3:6fdh0BHlpg2knyB9l7uTNsuoiGa5UBF+LEjz4hQYX/gdqiv10YIj8:6fIBnMnyF7upP55UBMW4TX/gdqi9O8	... File Actions Show Properties Download
C:\\Boot\it-IT\memtest.exe.mui.gsg	0.14 KB	MD5: e632c96b7f5c224c467266844d3d7493 SHA1: ffbe06f5e5f8430172e4e28ab7bda9655ccda38a SHA256: 3a59486b5469691eabc1d08953ef4997ab1e0d28b2e7ebfa9dcf46e8f84f2025 SSDeep: 3:jpACsPCY4xntUk3+OpDNbagB+emzwVThunouVw3ZqY4EVx5rhAJAmPn:joCOk3xn+gB3LVThu2Z9J1CJAmP	... File Actions Show Properties Download
C:\\Boot\Fonts\malgun_boot.ttf.gsg	0.14 KB	MD5: 9d47e81c07d08832198897540128cf08 SHA1: ae497c514660a39e6113a7ca4e07cf92abc62fdd SHA256: 4835f3db87b07fd0b306840239d0d4cc80e3c78019e5c173609d1f0bd25be985 SSDeep: 3:7scEukRXx7JJ3N2fS3Yiy9gTr+Wtq7MXOvTSq6RfKLtnLQND1mPn:7ovJ3N2fS3YiagTr+WWMXO+9fKZn6D14	... File Actions Show Properties Download
C:\\Boot\cs-CZ\bootmgr.exe.mui.gsg	0.14 KB	MD5: a404079e49d8259456764fbfa1e753b3 SHA1: 14817e63f36e03c967bdff9d241dee8b66a15d69 SHA256: bde46282ed9030009e9504f38f1631e3a64dba8038e6c386afba10be480a6eec SSDeep: 3:x9JI4YWK9WZuWHizNnT/LgYfFTGiUXOuAoUSu8b/7jSuWGh0XwIOn:HJI4YcKt/LgYD6b/nSrdw	... File Actions Show Properties Download
C:\\Boot\de-DE\bootmgr.exe.mui.gsg	0.14 KB	MD5: b20f9761d89d6fac605dbfbb13e9370a SHA1: 94a8df0ed8d280916e1529a5fa29100ea798b5f5 SHA256: 93e855028d645453956e8c1bd54f125d99ec0e3f60fc3f965a33b83cde05d9f9 SSDeep: 3:VqMlCE1xheLSxUnFXuToLHBa6xyb8+XwQpMyVkSzH5/ouy5XwIOn:p9xAmxWFXJY5b8e3pMyVx50Xw	... File Actions Show Properties Download
C:\\Boot\ko-KR\memtest.exe.mui.gsg	0.14 KB	MD5: 0094566d12936d98d034bf835a3f6d91 SHA1: 9f4b24cd117d2dc22cedc575df6e527985701736 SHA256: c0c2c8b907188bb67818dfea796eccefce412b742a160a9b018773087a78a264 SSDeep: 3:CUHyb1ZR2vcMiNdtq9DP3IKTMXW+SD8P192IichV8tvP7bi7B6teGrqE:CB1v2ZwsWW+36iVQDGAsGrqE	... File Actions Show Properties Download
C:\\Boot\pt-PT\memtest.exe.mui.gsg	0.14 KB	MD5: f10abef0d99058f14ddc77e08a4158ad SHA1: 1e5544951773ceac13b90fd09968dd2867c5b2c5 SHA256: d83af44a6e800476bb8189b6ecb04648d78f2d84a01c97f8024069360f3a95bc SSDeep: 3:cnGm15ucE9DtYIoNIQAp5fj1khMHCEMqSvWbfVlk1Rb/eWYIj8:9m15TqJBoFISMNNrk1Rb/L8	... File Actions Show Properties Download
C:\\Boot\nl-NL\memtest.exe.mui.gsg	0.14 KB	MD5: f2e25a68c14367c8a698184446b54164 SHA1: 289a1cb92cac8fa56c32e4f5c0dad8c4b6dab615 SHA256: 878e1898c59e7772fec5e29ae0550206a2d873ac1c3411ccc1981098fccea57c SSDeep: 3:A2rYyEfBo5NbjLhPPxi+vKfRzBaypSkcK1+TmY5kC6YuHr/cHAGrqE:A+YyPTbfZPIQER1aypSk71+TmYd6BLUB	... File Actions Show Properties Download
C:\\Boot\Fonts\msyhn_boot.ttf.gsg	0.14 KB	MD5: e1cbcd41d99503d03bfe9501fa7a70fb SHA1: eb6e2a7a6b0d5d57ca510e8ff44dbd6b3396d6ca SHA256: b68c6fe5a87c1f8883e94cb1890b53db427ec18ecd362530a5ecd605f159258d SSDeep: 3:vg4jsmrc0gzIRzwvABqpPNL06UA/7apnr4TtTBYK/7mPn:I4jsmqzINwL7MrOt1YU7mP	... File Actions Show Properties Download
C:\\Boot\ko-KR\bootmgr.exe.mui.gsg	0.14 KB	MD5: b20fd7994ee96ce1a881c66d2e4fad20 SHA1: ef1901893567a508fc84fe1b2d16273fee06f482 SHA256: 3d1742974f726955d571b800b5d1f6f74ba85cfdd8b8e52b5e664fd42bb57b71 SSDeep: 3:Y2LwjoPH9fYL5wnE2CfFJmKAVZtVoePZOXLBkkUcfdUkLAGrqE:bLwjof6NwhCfv9ooe4XuDuOuAGrqE	... File Actions Show Properties Download
C:\\Boot\hu-HU\bootmgr.exe.mui.gsg	0.14 KB	MD5: 3e21e64549d524c2105d43ac40146879 SHA1: e1b3a2121215067cc100b62db266ac9aa79ed4d0 SHA256: 286360007bf99eeac487c2986e80345aec8337c01ecd4dc8920d10482db21958 SSDeep: 3:1ddnPcofiq7oKlAawWm8fekNEY47JtuHH7Utk9ibft66lngEYl0mmPn:1ddnPNisoFeWY2Jtlt8w669BTmmP	... File Actions Show Properties Download
C:\\Boot\zh-CN\memtest.exe.mui.gsg	0.14 KB	MD5: c9087d772be210b11887e1b54b68c706 SHA1: ae2727bce94927c9e72c749235e745d4d81af3a6 SHA256: e7ccce2785de9c928b3727b6e349f29f65f3333384df1ce4fad34d2ff7631f9b SSDeep: 3:o1OwW3591hjreJCbe7MCZVA+Xuj5eVc/xQbGKBIqEPMxM7NDbg8DnNIYIj8:o65NeJCblMmouj5eVc/xIGKBXEPMx58l	... File Actions Show Properties Download
C:\\Boot\Fonts\malgunn_boot.ttf.gsg	0.14 KB	MD5: f360772fada694eb3c8f2de62537431c SHA1: 00ffd3319cabd644860e1f40816515f4ac534781 SHA256: f3d9390ea9540ef268316d010955ba13948eda5dbb8f4a4aefec35d45e13e620 SSDeep: 3:roZSNH1Ipio1Aj2ZXtGnEwhV0r38axnkSK7mPn:E8N2fK2ZXo8rHOmP	... File Actions Show Properties Download
C:\\BOOTSECT.BAK.gsg	8.14 KB	MD5: ed90aee48fbf4234a3474f689e0ac11e SHA1: 074fb0a9af7e2c339224e6de83efad5073086385 SHA256: 81f1774cd32429ef3fa934a3236019e225e88aeff12e25607e73776bc4992802 SSDeep: 192:tUYGu7M+qdlqbjB6cDp8aH43tvnFOVMZBLk8nfB24uvtktG:Pv7t3B6ceR3tvnFRk8nZ2XB	... File Actions Show Properties Download
C:\\Boot\pt-BR\memtest.exe.mui.gsg	0.14 KB	MD5: d7242ee9283d272ea939d3e6c421985e SHA1: ce50c37dc966c4ae2170888705f007f9543a0f0a SHA256: 192460af5617f7eb28bec2c4f00dbff6988151b868d1eb82512fed477ed619e5 SSDeep: 3:H7G6st5ceCWyXWGxiCUm2qXDHhaUEaUnZL/0mIss565WYIj8:qdVCdJHhaUEaUnZL/0mQ8	... File Actions Show Properties Download
C:\\Boot\Fonts\meiryo_boot.ttf.gsg	0.14 KB	MD5: cba27a4378a1638ce63a3451a0adf5d8 SHA1: ed57c423aeb1492d04d30e7558c77804a069c470 SHA256: 5fa21aeb8ff9df559818337bc9204f85b018cd0ea939d9aa4df6b0fc6d80f733 SSDeep: 3:AfPb2o08lnkZbMToQiJws1jVUPz8vMSAzxI0KNgtqpsp8CmPn:MPnQgtiO9PIvMzzoNoSsaCmP	... File Actions Show Properties Download
C:\\Boot\da-DK\memtest.exe.mui.gsg	0.14 KB	MD5: 9eac62a8e67be5e1fb6dd57d915e78ac SHA1: 22243ebd9a151c334947b80c2df63ed84764f211 SHA256: f6ce9567dabd7f5c1d2c37ab45d0600ed33c7f0ac7c2e4b322744407af79165a SSDeep: 3:v1QSHAdhEzQa/sMMsg78hhZLkOho8D3s1OOMTgfCD/zWwIOn:tQnE5UM/dYOho8rs1OOMT9jzWw	... File Actions Show Properties Download
C:\\Boot\nl-NL\bootmgr.exe.mui.gsg	0.14 KB	MD5: cdc5daf152828dbc0136b369f185fa15 SHA1: 891dd87df1b745cd5d24c4b585c31a86137b4bc2 SHA256: 1de25e64e52db6fa7e6de1f80cb2f1d10e0fb3a954818645b9025fa8ebcbb495 SSDeep: 3:KgRaCwjiowDcsF89mzouq3SMmML0FqJFVYJRHhV/cZ5AGrqE:KgUJKAPUoza5RHno5AGrqE	... File Actions Show Properties Download
C:\\Boot\lt-LT\bootmgr.exe.mui.gsg	0.14 KB	MD5: bce18627aa09ff4f89193911289cb864 SHA1: 7a6c6f94f8cafbbf715de063a13dc8534524fc14 SHA256: 7392b62d55fdbc625d97c001b6a7e79606388bbdbbdf4a7cbd7e9196d11501f6 SSDeep: 3:LeXnCpXdxDLmHaxfwqvQR4sZDdg1UgX3ULMZ5AGrqE:Le32DS6eRh61UgHaY5AGrqE	... File Actions Show Properties Download
C:\\Boot\sr-Latn-CS\bootmgr.exe.mui.gsg	0.14 KB	MD5: 8c10decfa2fd7d20620e593a99f7713a SHA1: 497a76028e1c8cd1b0835c136c9315c8bf520aa7 SHA256: 4e4c44760fa129b45044a042ace4e867fda8a852fc640249bd3b384135e231da SSDeep: 3:RWEAVXEP49GFzAg9Her0J9Mek2xHBgldshZHFza3LThgrpcrTUJYYIj8:1P49A9H0w9f/4EHFu3LT29cX8	... File Actions Show Properties Download
C:\\Boot\pt-BR\bootmgr.exe.mui.gsg	0.14 KB	MD5: 9cf0560a93888664bad44c5dff6313f1 SHA1: e209ec4011cf57968a664e51504323fd6f08ef4e SHA256: c938c76fb93412c9de412a4b177515945316b34ae2959abfdf2e2e53e02cd3ef SSDeep: 3:evzWr0D5M1p3thEt0wxVHkfDYt96JhgU/ZOi74Cz8U7WYIj8:eaQDuRhoxVHkf86JhRROS4Cz8UQ8	... File Actions Show Properties Download
C:\\Boot\Fonts\meiryon_boot.ttf.gsg	0.14 KB	MD5: f6f111f6ea320ea852cd1e2382af9c69 SHA1: 61345bd8127eff3b78dbf3ef4ae752e07e76af70 SHA256: e74e2402f5fe6bc92953bcf4cd3ef6f665b14694eb08be891dfb5068c9bf7656 SSDeep: 3:tPiq2LdU0Kr2YFtiJozpNPMCDecTjXszUnzz9DCmPn:t+Kr2YXiJo9NrTszUnzZDCmP	... File Actions Show Properties Download
C:\\Boot\el-GR\memtest.exe.mui.gsg	0.14 KB	MD5: e57e972292dc894c8f5615758ebc42ae SHA1: 649ea298bb4b88792e6a4d0fae8065f37a9fab17 SHA256: 72a9f9897422336cef58f2209dececce8ff55ba0ee5cc0dd448db65f057fb0d2 SSDeep: 3:Qb3snt9EHe7I2zHZbsKuPKNkVvQKYVA3GwIOn:QgtiHecwIKuvVvnWw	... File Actions Show Properties Download
C:\\Boot\da-DK\bootmgr.exe.mui.gsg	0.14 KB	MD5: b10816aa4f0fd60c8f4eabb50f3947fc SHA1: ab1d0f2dd42692acbcae9e814a86fd0f2407540e SHA256: 20e2ad8b17ece9eb18912e9cc8b2671304703a066f361e6b8a2d7a0efa452217 SSDeep: 3:ZAy9/LDuAqnwica07Ms/UoO6dW0u87yZRdXQjJElwIOn:dnusic5QToddMyyvxQjqlw	... File Actions Show Properties Download
C:\\Boot\Fonts\kor_boot.ttf.gsg	0.14 KB	MD5: 5555b84966b89ebf867b16c0300ee4c3 SHA1: 0f3c5ab3273ce884b094eb9fa64697f30dca66f9 SHA256: 14c184cf3fee88126c5104d317d11ce3c58a9313bcd405b4dcffcc959ff0fcde SSDeep: 3:okt1YrFVXssZLdWrkDpGDkelznZvqKrpf6kZKFcnDbEvsoAsOaR6oCmPn:ok4RV9UrkojiY6QKmH/QOZoCmP	... File Actions Show Properties Download
C:\\Boot\en-GB\bootmgr.exe.mui.gsg	0.14 KB	MD5: 61d8c37434c256e4c188b99688b8243a SHA1: ca1c65d21ff9ae2dce06b50c0167b0770c1cd014 SHA256: 2ea882362f1c292cbc0c40537dfcffae7767a763134cb62162e124b918d5c124 SSDeep: 3:dT1FLimFKbcCRQfhyUB71+7XbKk9q+hQN2Me9RYYFUCsZL3GwIOn:RbimwbcCRkrd1eKk97ho273sZDGw	... File Actions Show Properties Download
C:\\Boot\sl-SI\bootmgr.exe.mui.gsg	0.14 KB	MD5: e1530e5968e87b68b7a65fef1a51ba63 SHA1: 61fad6b69fc58b74d116c8eef9773dc9023d54f1 SHA256: 3a0ce4f55c3211dde19ec462d3d0f3278db0391db74f8f17adff9c85671e528e SSDeep: 3:HTDaEyJXzYiRXFdDS3L5y6y5TJvjLG38mUnyYSmIYIj8:HiEyJkiLRS3SNZjLg8mOS78	... File Actions Show Properties Download
C:\\Boot\nb-NO\bootmgr.exe.mui.gsg	0.14 KB	MD5: 37bcbfed32ae8c04ee37ef5efb069e28 SHA1: 47879b712001ace554a3dd291b686b3d343c101f SHA256: f1d78bb87c49800373f958c9375fb708b9be752f60d4eb4e804aaa50eceffa0b SSDeep: 3:HY7ImN64cdmO+G97lzlLMYNXKRB48bXryaZZ8QNYkAGrqE:4U66jmHElzRMYwRdb2SZ7NYkAGrqE	... File Actions Show Properties Download
C:\\Boot\ja-JP\memtest.exe.mui.gsg	0.14 KB	MD5: 269df3c29827a569e69c12077c1b8255 SHA1: e61b1265569b3faaedae463d6b0d0fab85b1aae3 SHA256: 93441fa9705cc8d79f745d1ff43cb44bb722744e1ddf0adc29e1775de8522718 SSDeep: 3:QgtZZ2UAL1Nz160U1mU2ylksH+4Q6RAW0ed3BGY01TY6M2cgGrqE:zG11NZ6BQq+4RAa3rkYn2cgGrqE	... File Actions Show Properties Download
C:\\Boot\de-DE\memtest.exe.mui.gsg	0.14 KB	MD5: 77d32fa41af7a516d5f88e5c4c2c94ff SHA1: 8ee0af0c2a6cbd95d95008cb83293645d71f88ac SHA256: a81b952eccc02570da5ab3f4a11c1f188fb7b4bfe0b1c24f09b88ed589e6f12c SSDeep: 3:Vcz0o5/MlOQh6tLgvVNLOqxbYbDUPUOL4bNXIqd4ZXwIOn:Wd/ShgUvSKbIDUMOkbN4B9w	... File Actions Show Properties Download
C:\\Boot\Fonts\msjhn_boot.ttf.gsg	0.14 KB	MD5: 1dd26bc1e4327d9dbfca990738b8542f SHA1: 6350c595db74204629f6921cd087dd2bc2d8a3ec SHA256: 4cb0e23e742472f6873aab72cdd3b196119e05a43536625e3d84bdf8360fb5db SSDeep: 3:bITI5e9/Yfy4jajujDBWlGDUDI+akZGFBXgvOInmDCmPn:bITLiy4vRWlGDUDI+3GFmnmDCmP	... File Actions Show Properties Download
C:\\Boot\fr-CA\bootmgr.exe.mui.gsg	0.14 KB	MD5: 9d1f235a3af10ca3fb3839e3623de1e3 SHA1: 8638fc0c69879f2c4d1e882a0fc80f91a70f5c04 SHA256: 0c3ad7b50b465f5ab318571b83f476f94b7b10ab79e7e74a96d3497393cdab17 SSDeep: 3:NLAAksaO28kHCcMbmjfQvhB733aMoz9cUMvPKcpIE2Y6xq+1tgd2I6m0yCmPn:Z5kskHlMCjov/33JKcpoY8jb7I62CmP	... File Actions Show Properties Download
C:\\Boot\Fonts\cht_boot.ttf.gsg	0.14 KB	MD5: 3f8826705430001b773c93b885126292 SHA1: 2fcff0ba1d1062920a377ea80d8a8745110436a8 SHA256: 5a3997f8400aa03ca4d097393bc24b09bb328a0d78c9a213b6cee59f14836099 SSDeep: 3:XvDTSLTI/qKaiMYl/6eHGkfhKg9/4p3crTsvdaCh7mmmPn:XvDCE5MjKKgd4cChFmP	... File Actions Show Properties Download
C:\\Boot\ru-RU\memtest.exe.mui.gsg	0.14 KB	MD5: 572131c9fa366aee7391d9b9c4f5d9aa SHA1: 54a5f161a65f17e282371dd9fe5ec754aead3994 SHA256: e8aea0d6c53ad39e5d8679591f785e281ddb6c9be6ef10042797ed0487832044 SSDeep: 3:XHQj07NEeiii1+WA7MApPacSEE6NW+tTVw+1txiI8uk1J5CYIj8:3Qj07ZXO+WQ+cSEE6NX7w+3EIg13A8	... File Actions Show Properties Download
C:\\Boot\en-US\memtest.exe.mui.gsg	0.14 KB	MD5: 3cef9243d68bd77bd76d64ae9cf115b9 SHA1: e3595567bb9d7a16c2a2138813474aacf8edd048 SHA256: ebcfdc31b2c72af90a592c4268a6f9f0210ff1d0e6e6cb645bda22de4f869370 SSDeep: 3:gFZS6cJ9iLI07xR+9WJgnJoQhdWLcy6iTrudFkLrezU96MHnm3EXwIOn:gjS6cPYRFuJXLWLcyv6ELKzU96Gnm3Eg	... File Actions Show Properties Download
C:\\hiberfil.sys.gsg	0.14 KB	MD5: 5f51b3553277e17422bbadbe1528cc09 SHA1: b755af2f58370808a4cf96211aa973df09285ca2 SHA256: 345b80a10c5b80d833d87b526d3a68f2e4efff0b31eb7412d78e5f9bb5fc3df7 SSDeep: 3:cQg7mgVOiiO107w1tN+xPdCg8buU2k4GBaAkwd1an:c17XcWj/+9dibAkPBmwan	... File Actions Show Properties Download
C:\\Boot\ja-JP\bootmgr.exe.mui.gsg	0.14 KB	MD5: b2e4fa8b40df42c19a74e9fc35d9b0ef SHA1: 14ad7e13f245d0f5e200a848f0969daf360773da SHA256: aca1bc5ada77922f97ea1b31355483200760f98b104353a9ae575b5e65ee0b1c SSDeep: 3:Ajhnbdy9f5FIaej87KQ5n/NR+F6teGrqE:AjhnJy9fnz5/NR+AsGrqE	... File Actions Show Properties Download
C:\\Boot\uk-UA\bootmgr.exe.mui.gsg	0.14 KB	MD5: 4793e1ed74e56a752dce5003804cdfa9 SHA1: d43447a87c0f7b411fd9ed7c41d21da72e0c9809 SHA256: b725678e33eb8e387caecce191958557721a7266e3221580892b836ad7032dcb SSDeep: 3:rMzQSZ5Va35F3/tXpxrz3GQkEpKuUCP7FEuwVU7WYIj8:rXowL3/dpdeEBUw7FhaUQ8	... File Actions Show Properties Download
C:\\Boot\sr-Latn-CS\memtest.exe.mui.gsg	0.14 KB	MD5: 928c8827e15a05c09dea9cef05abbb6a SHA1: dd472516efea0c1c97104c5d2c89f350c5ce7b23 SHA256: 6c6f5a9e492e3cda1b19eb7fe22e62f339420049a6a38617d08618dfde613d41 SSDeep: 3:AeNMWREmTRgO1UEeY04/dAlAtF5Kbuf9tNlEQJoXpoyKYIj8:Ae8i1UoWABtfXM7X2x8	... File Actions Show Properties Download
C:\\Boot\Fonts\segoen_slboot.ttf.gsg	0.14 KB	MD5: 056624667d0155130d49a7218c3556c6 SHA1: 468eeb38da916bce4b610c6ce71eb37caa0a527d SHA256: de9fa6d831c4599238902283151a1772c2e2011f8ebc4c6978ad0f53e7aef3c3 SSDeep: 3:Bgi1LdLxt9n9wa25zoqxrI33vWbjGjcjk+29QxNOWmPn:Bnrdth9wa2loqxcnvEjGjcjy9hWmP	... File Actions Show Properties Download
C:\\Boot\Fonts\wgl4_boot.ttf.gsg	0.14 KB	MD5: 30e2ff05dd7913f7cde3295834b71fe0 SHA1: f1835965f88d4d0bc335b64ef4c7c9bcf7cdfefc SHA256: 084b34295f9c2dfb8962a6517188c72c7398e65734eb12ed8f3a0788431b99b1 SSDeep: 3:kltyT8WzLkgdQJDIp7JSZijxGHv0aLceSZgSpmDCmPn:sS8StAZdP0qcT6ymDCmP	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\\Boot\BOOTSTAT.DAT.gsg	64.14 KB	MD5: f79b78f4545e0dffaa929b96f438cb65 SHA1: e716ce423368d8f7a10051453f1c93e3b94cff9c SHA256: e6ebdc723d4efa541d5be0efdac83730519f651233e8280a1f815e6823587192 SSDeep: 1536:h9CiCqQ3DiuK77V7tnG0uEtYI7KDM6/TWTUC6neJq:dCfeuQRRn379UTWYRes	... File Actions Show Properties Download
C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.gsg	9.25 MB	MD5: c10cd607c7a73549e595e5572a7986da SHA1: f5a8401967c38244e0e2450b87ef672d75475760 SHA256: 8b7c4146b7f199f9ee8924d0c87a5c95b4f25b29ecd3bca1092ccd8ba6dbf991 SSDeep: 3:wAqemA8mA0gU/9XONRu8Pa1v7c+g5zMWDTbjgnbRBu9Itl:xmagmXODu8i1vD8YYbGs9	... File Actions Show Properties Download
C:\\BOOTSECT.BAK.gsg	8.14 KB	MD5: ed90aee48fbf4234a3474f689e0ac11e SHA1: 074fb0a9af7e2c339224e6de83efad5073086385 SHA256: 81f1774cd32429ef3fa934a3236019e225e88aeff12e25607e73776bc4992802 SSDeep: 192:tUYGu7M+qdlqbjB6cDp8aH43tvnFOVMZBLk8nfB24uvtktG:Pv7t3B6ceR3tvnFRk8nZ2XB	... File Actions Show Properties Download

Host Behavior

File (1715)

Operation	Filename	Additional Information	Count	Logfile
Create	-	desired_access = GENERIC_READ	1	Fn
Create	-	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\$Recycle.Bin\S-1-5-18\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\$Recycle.Bin\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\BCD.LOG	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\BCD.LOG.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\bg-BG\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\bg-BG\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\bg-BG\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\BOOTSTAT.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\BOOTSTAT.DAT.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\cs-CZ\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\cs-CZ\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\cs-CZ\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\cs-CZ\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\cs-CZ\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\da-DK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\da-DK\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\da-DK\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\da-DK\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\da-DK\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\de-DE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\de-DE\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\de-DE\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\de-DE\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\de-DE\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\el-GR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\el-GR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\el-GR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\el-GR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\el-GR\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\en-GB\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-GB\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-GB\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\en-US\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-US\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-US\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-US\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-US\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\es-ES\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-ES\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-ES\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-ES\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-ES\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\es-MX\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-MX\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-MX\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\et-EE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\et-EE\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\et-EE\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\fi-FI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fi-FI\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fi-FI\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fi-FI\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fi-FI\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\chs_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\cht_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\jpn_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\kor_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\malgunn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\malgunn_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\malgun_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\malgun_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\meiryon_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\meiryon_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\meiryo_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\meiryo_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msjhn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msjhn_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msjh_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msjh_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msyhn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msyhn_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msyh_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msyh_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segmono_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segmono_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segoen_slboot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segoen_slboot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segoe_slboot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segoe_slboot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\wgl4_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\fr-CA\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-CA\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-CA\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\fr-FR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-FR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-FR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-FR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-FR\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\hr-HR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hr-HR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hr-HR\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\hu-HU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hu-HU\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hu-HU\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hu-HU\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hu-HU\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\it-IT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\it-IT\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\it-IT\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\it-IT\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\it-IT\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\ja-JP\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ja-JP\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ja-JP\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ja-JP\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ja-JP\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\ko-KR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ko-KR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ko-KR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ko-KR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ko-KR\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\lt-LT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\lt-LT\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\lt-LT\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\lv-LV\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\lv-LV\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\lv-LV\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\nb-NO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nb-NO\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nb-NO\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nb-NO\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nb-NO\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\nl-NL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nl-NL\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nl-NL\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nl-NL\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nl-NL\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\pl-PL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pl-PL\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pl-PL\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pl-PL\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pl-PL\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\pt-BR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-BR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-BR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-BR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-BR\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\pt-PT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-PT\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-PT\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-PT\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-PT\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\qps-ploc\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\qps-ploc\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\qps-ploc\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\qps-ploc\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\qps-ploc\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\Resources\en-US\bootres.dll.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Resources\en-US\bootres.dll.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Resources\en-US\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\Resources\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\ro-RO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ro-RO\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ro-RO\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\ru-RU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ru-RU\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ru-RU\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ru-RU\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ru-RU\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\sk-SK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sk-SK\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sk-SK\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\sl-SI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sl-SI\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sl-SI\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-CS\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-CS\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-CS\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-RS\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\sv-SE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sv-SE\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sv-SE\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sv-SE\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sv-SE\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\tr-TR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\tr-TR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\tr-TR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\tr-TR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\tr-TR\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\uk-UA\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\uk-UA\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\uk-UA\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\zh-CN\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-CN\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-CN\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-CN\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-CN\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\zh-HK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-HK\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-HK\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-HK\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-HK\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\zh-TW\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-TW\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-TW\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-TW\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-TW\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\BOOTSECT.BAK	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\BOOTSECT.BAK.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Config.Msi\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Documents and Settings\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\hiberfil.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\hiberfil.sys.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\pagefile.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\pagefile.sys.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\PerfLogs\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Adobe\ARM\Reader_15.007.20033\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Adobe\ARM\Reader_15.023.20070\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Adobe\ARM\Reader_17.009.20058\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Get Info	STD_INPUT_HANDLE	type = file_type	3	Fn
Get Info	STD_OUTPUT_HANDLE	type = file_type	3	Fn
Get Info	STD_ERROR_HANDLE	type = file_type	3	Fn
Get Info	System Paging File	type = size	1	Fn
Get Info	C:\\$Recycle.Bin\S-1-5-18\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\$Recycle.Bin\S-1-5-18\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\$Recycle.Bin\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\$Recycle.Bin\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\BCD.LOG	type = file_attributes	1	Fn
Get Info	C:\\Boot\bg-BG\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\bg-BG\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\bg-BG\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\BOOTSTAT.DAT	type = file_attributes	1	Fn
Get Info	C:\\Boot\cs-CZ\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\cs-CZ\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\cs-CZ\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\cs-CZ\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\da-DK\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\da-DK\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\da-DK\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\da-DK\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\de-DE\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\de-DE\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\de-DE\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\de-DE\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\el-GR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\el-GR\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\el-GR\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\el-GR\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\en-GB\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\en-GB\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\en-GB\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\en-US\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\en-US\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\en-US\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\en-US\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\es-ES\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\es-ES\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\es-ES\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\es-ES\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\es-MX\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\es-MX\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\es-MX\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\et-EE\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\et-EE\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\et-EE\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\fi-FI\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\fi-FI\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\fi-FI\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\fi-FI\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\Fonts\chs_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\cht_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\jpn_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\kor_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\malgunn_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\malgun_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\meiryon_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\meiryo_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\msjhn_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\msjh_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\msyhn_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\msyh_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\segmono_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\segoen_slboot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\segoe_slboot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\wgl4_boot.ttf	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\Fonts\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\fr-CA\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\fr-CA\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\fr-CA\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\fr-FR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\fr-FR\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\fr-FR\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\fr-FR\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\hr-HR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\hr-HR\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\hr-HR\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\hu-HU\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\hu-HU\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\hu-HU\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\hu-HU\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\it-IT\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\it-IT\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\it-IT\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\it-IT\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\ja-JP\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\ja-JP\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\ja-JP\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\ja-JP\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\ko-KR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\ko-KR\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\ko-KR\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\ko-KR\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\lt-LT\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\lt-LT\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\lt-LT\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\lv-LV\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\lv-LV\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\lv-LV\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\nb-NO\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\nb-NO\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\nb-NO\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\nb-NO\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\nl-NL\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\nl-NL\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\nl-NL\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\nl-NL\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\pl-PL\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\pl-PL\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\pl-PL\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\pl-PL\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\pt-BR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\pt-BR\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\pt-BR\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\pt-BR\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\pt-PT\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\pt-PT\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\pt-PT\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\pt-PT\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\qps-ploc\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\qps-ploc\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\qps-ploc\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\qps-ploc\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\Resources\en-US\bootres.dll.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\Resources\en-US\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\Resources\en-US\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\Resources\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\Resources\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\ro-RO\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\ro-RO\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\ro-RO\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\ru-RU\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\ru-RU\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\ru-RU\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\ru-RU\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\sk-SK\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\sk-SK\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\sk-SK\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\sl-SI\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\sl-SI\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\sl-SI\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\sr-Latn-CS\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\sr-Latn-CS\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\sr-Latn-CS\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\sr-Latn-RS\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\sr-Latn-RS\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\sv-SE\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\sv-SE\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\sv-SE\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\sv-SE\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\tr-TR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\tr-TR\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\tr-TR\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\tr-TR\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\uk-UA\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\uk-UA\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\uk-UA\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\zh-CN\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\zh-CN\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\zh-CN\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\zh-CN\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\zh-HK\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\zh-HK\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\zh-HK\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\zh-HK\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\zh-TW\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\zh-TW\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	C:\\Boot\zh-TW\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\zh-TW\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Boot\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Boot\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\BOOTSECT.BAK	type = file_attributes	1	Fn
Get Info	C:\\Config.Msi\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Config.Msi\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\Documents and Settings\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\Documents and Settings\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\hiberfil.sys	type = file_attributes	1	Fn
Get Info	C:\\pagefile.sys	type = file_attributes	1	Fn
Get Info	C:\\PerfLogs\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\PerfLogs\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\ProgramData\Adobe\ARM\Reader_15.007.20033\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\ProgramData\Adobe\ARM\Reader_15.007.20033\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\ProgramData\Adobe\ARM\Reader_15.023.20070\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\ProgramData\Adobe\ARM\Reader_15.023.20070\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\ProgramData\Adobe\ARM\Reader_17.009.20058\README_BACK_FILES.htm	type = file_attributes	1	Fn
Get Info	C:\\ProgramData\Adobe\ARM\Reader_17.009.20058\README_BACK_FILES.htm	type = file_type	1	Fn
Get Info	C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp	type = file_attributes	1	Fn
Open	STD_INPUT_HANDLE	-	3	Fn
Open	STD_OUTPUT_HANDLE	-	5	Fn
Open	STD_ERROR_HANDLE	-	3	Fn
Copy	C:\\Boot\BCD.LOG	source_filename = C:\\Boot\BCD.LOG.gsg	1	Fn
Copy	C:\\Boot\bg-BG\bootmgr.exe.mui	source_filename = C:\\Boot\bg-BG\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\BOOTSTAT.DAT	source_filename = C:\\Boot\BOOTSTAT.DAT.gsg	1	Fn
Copy	C:\\Boot\cs-CZ\bootmgr.exe.mui	source_filename = C:\\Boot\cs-CZ\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\cs-CZ\memtest.exe.mui	source_filename = C:\\Boot\cs-CZ\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\da-DK\bootmgr.exe.mui	source_filename = C:\\Boot\da-DK\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\da-DK\memtest.exe.mui	source_filename = C:\\Boot\da-DK\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\de-DE\bootmgr.exe.mui	source_filename = C:\\Boot\de-DE\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\de-DE\memtest.exe.mui	source_filename = C:\\Boot\de-DE\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\el-GR\bootmgr.exe.mui	source_filename = C:\\Boot\el-GR\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\el-GR\memtest.exe.mui	source_filename = C:\\Boot\el-GR\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\en-GB\bootmgr.exe.mui	source_filename = C:\\Boot\en-GB\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\en-US\bootmgr.exe.mui	source_filename = C:\\Boot\en-US\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\en-US\memtest.exe.mui	source_filename = C:\\Boot\en-US\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\es-ES\bootmgr.exe.mui	source_filename = C:\\Boot\es-ES\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\es-ES\memtest.exe.mui	source_filename = C:\\Boot\es-ES\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\es-MX\bootmgr.exe.mui	source_filename = C:\\Boot\es-MX\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\et-EE\bootmgr.exe.mui	source_filename = C:\\Boot\et-EE\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\fi-FI\bootmgr.exe.mui	source_filename = C:\\Boot\fi-FI\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\fi-FI\memtest.exe.mui	source_filename = C:\\Boot\fi-FI\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\Fonts\chs_boot.ttf	source_filename = C:\\Boot\Fonts\chs_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\cht_boot.ttf	source_filename = C:\\Boot\Fonts\cht_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\jpn_boot.ttf	source_filename = C:\\Boot\Fonts\jpn_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\kor_boot.ttf	source_filename = C:\\Boot\Fonts\kor_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\malgunn_boot.ttf	source_filename = C:\\Boot\Fonts\malgunn_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\malgun_boot.ttf	source_filename = C:\\Boot\Fonts\malgun_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\meiryon_boot.ttf	source_filename = C:\\Boot\Fonts\meiryon_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\meiryo_boot.ttf	source_filename = C:\\Boot\Fonts\meiryo_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\msjhn_boot.ttf	source_filename = C:\\Boot\Fonts\msjhn_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\msjh_boot.ttf	source_filename = C:\\Boot\Fonts\msjh_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\msyhn_boot.ttf	source_filename = C:\\Boot\Fonts\msyhn_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\msyh_boot.ttf	source_filename = C:\\Boot\Fonts\msyh_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\segmono_boot.ttf	source_filename = C:\\Boot\Fonts\segmono_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\segoen_slboot.ttf	source_filename = C:\\Boot\Fonts\segoen_slboot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\segoe_slboot.ttf	source_filename = C:\\Boot\Fonts\segoe_slboot.ttf.gsg	1	Fn
Copy	C:\\Boot\Fonts\wgl4_boot.ttf	source_filename = C:\\Boot\Fonts\wgl4_boot.ttf.gsg	1	Fn
Copy	C:\\Boot\fr-CA\bootmgr.exe.mui	source_filename = C:\\Boot\fr-CA\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\fr-FR\bootmgr.exe.mui	source_filename = C:\\Boot\fr-FR\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\fr-FR\memtest.exe.mui	source_filename = C:\\Boot\fr-FR\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\hr-HR\bootmgr.exe.mui	source_filename = C:\\Boot\hr-HR\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\hu-HU\bootmgr.exe.mui	source_filename = C:\\Boot\hu-HU\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\hu-HU\memtest.exe.mui	source_filename = C:\\Boot\hu-HU\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\it-IT\bootmgr.exe.mui	source_filename = C:\\Boot\it-IT\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\it-IT\memtest.exe.mui	source_filename = C:\\Boot\it-IT\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\ja-JP\bootmgr.exe.mui	source_filename = C:\\Boot\ja-JP\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\ja-JP\memtest.exe.mui	source_filename = C:\\Boot\ja-JP\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\ko-KR\bootmgr.exe.mui	source_filename = C:\\Boot\ko-KR\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\ko-KR\memtest.exe.mui	source_filename = C:\\Boot\ko-KR\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\lt-LT\bootmgr.exe.mui	source_filename = C:\\Boot\lt-LT\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\lv-LV\bootmgr.exe.mui	source_filename = C:\\Boot\lv-LV\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\nb-NO\bootmgr.exe.mui	source_filename = C:\\Boot\nb-NO\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\nb-NO\memtest.exe.mui	source_filename = C:\\Boot\nb-NO\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\nl-NL\bootmgr.exe.mui	source_filename = C:\\Boot\nl-NL\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\nl-NL\memtest.exe.mui	source_filename = C:\\Boot\nl-NL\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\pl-PL\bootmgr.exe.mui	source_filename = C:\\Boot\pl-PL\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\pl-PL\memtest.exe.mui	source_filename = C:\\Boot\pl-PL\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\pt-BR\bootmgr.exe.mui	source_filename = C:\\Boot\pt-BR\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\pt-BR\memtest.exe.mui	source_filename = C:\\Boot\pt-BR\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\pt-PT\bootmgr.exe.mui	source_filename = C:\\Boot\pt-PT\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\pt-PT\memtest.exe.mui	source_filename = C:\\Boot\pt-PT\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\qps-ploc\bootmgr.exe.mui	source_filename = C:\\Boot\qps-ploc\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\qps-ploc\memtest.exe.mui	source_filename = C:\\Boot\qps-ploc\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\Resources\en-US\bootres.dll.mui	source_filename = C:\\Boot\Resources\en-US\bootres.dll.mui.gsg	1	Fn
Copy	C:\\Boot\ro-RO\bootmgr.exe.mui	source_filename = C:\\Boot\ro-RO\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\ru-RU\bootmgr.exe.mui	source_filename = C:\\Boot\ru-RU\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\ru-RU\memtest.exe.mui	source_filename = C:\\Boot\ru-RU\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\sk-SK\bootmgr.exe.mui	source_filename = C:\\Boot\sk-SK\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\sl-SI\bootmgr.exe.mui	source_filename = C:\\Boot\sl-SI\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui	source_filename = C:\\Boot\sr-Latn-CS\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\sr-Latn-CS\memtest.exe.mui	source_filename = C:\\Boot\sr-Latn-CS\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui	source_filename = C:\\Boot\sr-Latn-RS\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\sv-SE\bootmgr.exe.mui	source_filename = C:\\Boot\sv-SE\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\sv-SE\memtest.exe.mui	source_filename = C:\\Boot\sv-SE\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\tr-TR\bootmgr.exe.mui	source_filename = C:\\Boot\tr-TR\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\tr-TR\memtest.exe.mui	source_filename = C:\\Boot\tr-TR\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\uk-UA\bootmgr.exe.mui	source_filename = C:\\Boot\uk-UA\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\zh-CN\bootmgr.exe.mui	source_filename = C:\\Boot\zh-CN\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\zh-CN\memtest.exe.mui	source_filename = C:\\Boot\zh-CN\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\zh-HK\bootmgr.exe.mui	source_filename = C:\\Boot\zh-HK\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\zh-HK\memtest.exe.mui	source_filename = C:\\Boot\zh-HK\memtest.exe.mui.gsg	1	Fn
Copy	C:\\Boot\zh-TW\bootmgr.exe.mui	source_filename = C:\\Boot\zh-TW\bootmgr.exe.mui.gsg	1	Fn
Copy	C:\\Boot\zh-TW\memtest.exe.mui	source_filename = C:\\Boot\zh-TW\memtest.exe.mui.gsg	1	Fn
Copy	C:\\BOOTSECT.BAK	source_filename = C:\\BOOTSECT.BAK.gsg	1	Fn
Copy	C:\\hiberfil.sys	source_filename = C:\\hiberfil.sys.gsg	1	Fn
Copy	C:\\pagefile.sys	source_filename = C:\\pagefile.sys.gsg	1	Fn
Move	C:\\Boot\BCD.LOG.fuck	source_filename = C:\\Boot\BCD.LOG	1	Fn
Move	C:\\Boot\bg-BG\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\bg-BG\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\BOOTSTAT.DAT.fuck	source_filename = C:\\Boot\BOOTSTAT.DAT	1	Fn
Move	C:\\Boot\cs-CZ\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\cs-CZ\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\cs-CZ\memtest.exe.mui.fuck	source_filename = C:\\Boot\cs-CZ\memtest.exe.mui	1	Fn
Move	C:\\Boot\da-DK\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\da-DK\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\da-DK\memtest.exe.mui.fuck	source_filename = C:\\Boot\da-DK\memtest.exe.mui	1	Fn
Move	C:\\Boot\de-DE\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\de-DE\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\de-DE\memtest.exe.mui.fuck	source_filename = C:\\Boot\de-DE\memtest.exe.mui	1	Fn
Move	C:\\Boot\el-GR\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\el-GR\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\el-GR\memtest.exe.mui.fuck	source_filename = C:\\Boot\el-GR\memtest.exe.mui	1	Fn
Move	C:\\Boot\en-GB\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\en-GB\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\en-US\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\en-US\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\en-US\memtest.exe.mui.fuck	source_filename = C:\\Boot\en-US\memtest.exe.mui	1	Fn
Move	C:\\Boot\es-ES\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\es-ES\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\es-ES\memtest.exe.mui.fuck	source_filename = C:\\Boot\es-ES\memtest.exe.mui	1	Fn
Move	C:\\Boot\es-MX\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\es-MX\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\et-EE\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\et-EE\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\fi-FI\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\fi-FI\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\fi-FI\memtest.exe.mui.fuck	source_filename = C:\\Boot\fi-FI\memtest.exe.mui	1	Fn
Move	C:\\Boot\Fonts\chs_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\chs_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\cht_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\cht_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\jpn_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\jpn_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\kor_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\kor_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\malgunn_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\malgunn_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\malgun_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\malgun_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\meiryon_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\meiryon_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\meiryo_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\meiryo_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\msjhn_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\msjhn_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\msjh_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\msjh_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\msyhn_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\msyhn_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\msyh_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\msyh_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\segmono_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\segmono_boot.ttf	1	Fn
Move	C:\\Boot\Fonts\segoen_slboot.ttf.fuck	source_filename = C:\\Boot\Fonts\segoen_slboot.ttf	1	Fn
Move	C:\\Boot\Fonts\segoe_slboot.ttf.fuck	source_filename = C:\\Boot\Fonts\segoe_slboot.ttf	1	Fn
Move	C:\\Boot\Fonts\wgl4_boot.ttf.fuck	source_filename = C:\\Boot\Fonts\wgl4_boot.ttf	1	Fn
Move	C:\\Boot\fr-CA\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\fr-CA\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\fr-FR\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\fr-FR\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\fr-FR\memtest.exe.mui.fuck	source_filename = C:\\Boot\fr-FR\memtest.exe.mui	1	Fn
Move	C:\\Boot\hr-HR\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\hr-HR\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\hu-HU\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\hu-HU\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\hu-HU\memtest.exe.mui.fuck	source_filename = C:\\Boot\hu-HU\memtest.exe.mui	1	Fn
Move	C:\\Boot\it-IT\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\it-IT\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\it-IT\memtest.exe.mui.fuck	source_filename = C:\\Boot\it-IT\memtest.exe.mui	1	Fn
Move	C:\\Boot\ja-JP\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\ja-JP\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\ja-JP\memtest.exe.mui.fuck	source_filename = C:\\Boot\ja-JP\memtest.exe.mui	1	Fn
Move	C:\\Boot\ko-KR\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\ko-KR\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\ko-KR\memtest.exe.mui.fuck	source_filename = C:\\Boot\ko-KR\memtest.exe.mui	1	Fn
Move	C:\\Boot\lt-LT\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\lt-LT\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\lv-LV\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\lv-LV\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\nb-NO\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\nb-NO\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\nb-NO\memtest.exe.mui.fuck	source_filename = C:\\Boot\nb-NO\memtest.exe.mui	1	Fn
Move	C:\\Boot\nl-NL\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\nl-NL\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\nl-NL\memtest.exe.mui.fuck	source_filename = C:\\Boot\nl-NL\memtest.exe.mui	1	Fn
Move	C:\\Boot\pl-PL\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\pl-PL\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\pl-PL\memtest.exe.mui.fuck	source_filename = C:\\Boot\pl-PL\memtest.exe.mui	1	Fn
Move	C:\\Boot\pt-BR\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\pt-BR\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\pt-BR\memtest.exe.mui.fuck	source_filename = C:\\Boot\pt-BR\memtest.exe.mui	1	Fn
Move	C:\\Boot\pt-PT\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\pt-PT\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\pt-PT\memtest.exe.mui.fuck	source_filename = C:\\Boot\pt-PT\memtest.exe.mui	1	Fn
Move	C:\\Boot\qps-ploc\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\qps-ploc\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\qps-ploc\memtest.exe.mui.fuck	source_filename = C:\\Boot\qps-ploc\memtest.exe.mui	1	Fn
Move	C:\\Boot\Resources\en-US\bootres.dll.mui.fuck	source_filename = C:\\Boot\Resources\en-US\bootres.dll.mui	1	Fn
Move	C:\\Boot\ro-RO\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\ro-RO\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\ru-RU\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\ru-RU\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\ru-RU\memtest.exe.mui.fuck	source_filename = C:\\Boot\ru-RU\memtest.exe.mui	1	Fn
Move	C:\\Boot\sk-SK\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\sk-SK\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\sl-SI\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\sl-SI\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\sr-Latn-CS\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\sr-Latn-CS\memtest.exe.mui.fuck	source_filename = C:\\Boot\sr-Latn-CS\memtest.exe.mui	1	Fn
Move	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\sr-Latn-RS\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\sv-SE\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\sv-SE\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\sv-SE\memtest.exe.mui.fuck	source_filename = C:\\Boot\sv-SE\memtest.exe.mui	1	Fn
Move	C:\\Boot\tr-TR\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\tr-TR\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\tr-TR\memtest.exe.mui.fuck	source_filename = C:\\Boot\tr-TR\memtest.exe.mui	1	Fn
Move	C:\\Boot\uk-UA\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\uk-UA\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\zh-CN\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\zh-CN\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\zh-CN\memtest.exe.mui.fuck	source_filename = C:\\Boot\zh-CN\memtest.exe.mui	1	Fn
Move	C:\\Boot\zh-HK\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\zh-HK\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\zh-HK\memtest.exe.mui.fuck	source_filename = C:\\Boot\zh-HK\memtest.exe.mui	1	Fn
Move	C:\\Boot\zh-TW\bootmgr.exe.mui.fuck	source_filename = C:\\Boot\zh-TW\bootmgr.exe.mui	1	Fn
Move	C:\\Boot\zh-TW\memtest.exe.mui.fuck	source_filename = C:\\Boot\zh-TW\memtest.exe.mui	1	Fn
Move	C:\\BOOTSECT.BAK.fuck	source_filename = C:\\BOOTSECT.BAK	1	Fn
Move	C:\\hiberfil.sys.fuck	source_filename = C:\\hiberfil.sys	1	Fn
Move	C:\\pagefile.sys.fuck	source_filename = C:\\pagefile.sys	1	Fn
Read	System Paging File	size = 4294967295, size_out = 0	1	Fn
Read	System Paging File	size = 14, size_out = 0	1	Fn
Read	System Paging File	size = 4294967282, size_out = 0	1	Fn
Read	System Paging File	size = 0, size_out = 0	1	Fn
Read	System Paging File	size = 896, size_out = 0	83	Fn
Read	C:\\Boot\BOOTSTAT.DAT	size = 896, size_out = 896	73	Fn Data
Read	C:\\Boot\BOOTSTAT.DAT	size = 896, size_out = 128	1	Fn Data
Read	C:\\BOOTSECT.BAK	size = 896, size_out = 896	9	Fn Data
Read	C:\\BOOTSECT.BAK	size = 896, size_out = 128	1	Fn Data
Read	C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp	size = 896, size_out = 896	249	Fn Data
Write	STD_OUTPUT_HANDLE	size = 1	50	Fn Data
Write	STD_OUTPUT_HANDLE	size = 2	3	Fn Data
Write	C:\\$Recycle.Bin\S-1-5-18\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\$Recycle.Bin\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\BCD.LOG.gsg	size = 128	1	Fn Data
Write	C:\\Boot\BCD.LOG.gsg	size = 16	1	Fn Data
Write	C:\\Boot\bg-BG\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\bg-BG\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\bg-BG\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\BOOTSTAT.DAT.gsg	size = 128	1	Fn Data
Write	C:\\Boot\BOOTSTAT.DAT.gsg	size = 896	73	Fn Data
Write	C:\\Boot\BOOTSTAT.DAT.gsg	size = 144	1	Fn Data
Write	C:\\Boot\cs-CZ\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\cs-CZ\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\cs-CZ\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\cs-CZ\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\cs-CZ\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\da-DK\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\da-DK\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\da-DK\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\da-DK\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\da-DK\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\de-DE\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\de-DE\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\de-DE\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\de-DE\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\de-DE\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\el-GR\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\el-GR\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\el-GR\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\el-GR\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\el-GR\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\en-GB\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\en-GB\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\en-GB\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\en-US\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\en-US\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\en-US\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\en-US\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\en-US\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\es-ES\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\es-ES\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\es-ES\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\es-ES\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\es-ES\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\es-MX\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\es-MX\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\es-MX\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\et-EE\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\et-EE\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\et-EE\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\fi-FI\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\fi-FI\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\fi-FI\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\fi-FI\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\fi-FI\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\Fonts\chs_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\chs_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\cht_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\cht_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\jpn_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\jpn_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\kor_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\kor_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\malgunn_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\malgunn_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\malgun_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\malgun_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\meiryon_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\meiryon_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\meiryo_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\meiryo_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\msjhn_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\msjhn_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\msjh_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\msjh_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\msyhn_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\msyhn_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\msyh_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\msyh_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\segmono_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\segmono_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\segoen_slboot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\segoen_slboot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\segoe_slboot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\segoe_slboot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\wgl4_boot.ttf.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Fonts\wgl4_boot.ttf.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Fonts\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\fr-CA\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\fr-CA\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\fr-CA\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\fr-FR\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\fr-FR\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\fr-FR\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\fr-FR\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\fr-FR\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\hr-HR\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\hr-HR\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\hr-HR\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\hu-HU\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\hu-HU\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\hu-HU\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\hu-HU\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\hu-HU\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\it-IT\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\it-IT\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\it-IT\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\it-IT\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\it-IT\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\ja-JP\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\ja-JP\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\ja-JP\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\ja-JP\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\ja-JP\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\ko-KR\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\ko-KR\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\ko-KR\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\ko-KR\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\ko-KR\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\lt-LT\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\lt-LT\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\lt-LT\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\lv-LV\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\lv-LV\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\lv-LV\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\nb-NO\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\nb-NO\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\nb-NO\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\nb-NO\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\nb-NO\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\nl-NL\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\nl-NL\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\nl-NL\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\nl-NL\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\nl-NL\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\pl-PL\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\pl-PL\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\pl-PL\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\pl-PL\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\pl-PL\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\pt-BR\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\pt-BR\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\pt-BR\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\pt-BR\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\pt-BR\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\pt-PT\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\pt-PT\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\pt-PT\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\pt-PT\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\pt-PT\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\qps-ploc\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\qps-ploc\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\qps-ploc\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\qps-ploc\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\qps-ploc\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\Resources\en-US\bootres.dll.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\Resources\en-US\bootres.dll.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\Resources\en-US\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\Resources\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\ro-RO\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\ro-RO\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\ro-RO\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\ru-RU\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\ru-RU\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\ru-RU\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\ru-RU\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\ru-RU\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\sk-SK\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\sk-SK\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\sk-SK\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\sl-SI\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\sl-SI\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\sl-SI\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\sr-Latn-CS\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\sr-Latn-CS\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\sr-Latn-CS\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\sr-Latn-RS\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\sv-SE\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\sv-SE\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\sv-SE\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\sv-SE\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\sv-SE\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\tr-TR\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\tr-TR\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\tr-TR\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\tr-TR\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\tr-TR\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\uk-UA\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\uk-UA\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\uk-UA\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\zh-CN\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\zh-CN\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\zh-CN\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\zh-CN\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\zh-CN\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\zh-HK\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\zh-HK\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\zh-HK\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\zh-HK\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\zh-HK\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\zh-TW\bootmgr.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\zh-TW\bootmgr.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\zh-TW\memtest.exe.mui.gsg	size = 128	1	Fn Data
Write	C:\\Boot\zh-TW\memtest.exe.mui.gsg	size = 16	1	Fn Data
Write	C:\\Boot\zh-TW\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Boot\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\BOOTSECT.BAK.gsg	size = 128	1	Fn Data
Write	C:\\BOOTSECT.BAK.gsg	size = 896	9	Fn Data
Write	C:\\BOOTSECT.BAK.gsg	size = 144	1	Fn Data
Write	C:\\Config.Msi\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\Documents and Settings\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\hiberfil.sys.gsg	size = 128	1	Fn Data
Write	C:\\hiberfil.sys.gsg	size = 16	1	Fn Data
Write	C:\\pagefile.sys.gsg	size = 128	1	Fn Data
Write	C:\\pagefile.sys.gsg	size = 16	1	Fn Data
Write	C:\\PerfLogs\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\ProgramData\Adobe\ARM\Reader_15.007.20033\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\ProgramData\Adobe\ARM\Reader_15.023.20070\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\ProgramData\Adobe\ARM\Reader_17.009.20058\README_BACK_FILES.htm	size = 1516	1	Fn Data
Write	C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.gsg	size = 128	1	Fn Data
Write	C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.gsg	size = 896	249	Fn Data
Delete	C:\\Boot\BCD.LOG.gsg	-	1	Fn
Delete	C:\\Boot\bg-BG\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\BOOTSTAT.DAT.gsg	-	1	Fn
Delete	C:\\Boot\cs-CZ\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\cs-CZ\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\da-DK\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\da-DK\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\de-DE\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\de-DE\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\el-GR\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\el-GR\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\en-GB\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\en-US\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\en-US\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\es-ES\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\es-ES\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\es-MX\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\et-EE\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\fi-FI\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\fi-FI\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\chs_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\cht_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\jpn_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\kor_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\malgunn_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\malgun_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\meiryon_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\meiryo_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\msjhn_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\msjh_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\msyhn_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\msyh_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\segmono_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\segoen_slboot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\segoe_slboot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\Fonts\wgl4_boot.ttf.gsg	-	1	Fn
Delete	C:\\Boot\fr-CA\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\fr-FR\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\fr-FR\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\hr-HR\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\hu-HU\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\hu-HU\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\it-IT\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\it-IT\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\ja-JP\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\ja-JP\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\ko-KR\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\ko-KR\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\lt-LT\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\lv-LV\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\nb-NO\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\nb-NO\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\nl-NL\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\nl-NL\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\pl-PL\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\pl-PL\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\pt-BR\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\pt-BR\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\pt-PT\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\pt-PT\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\qps-ploc\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\qps-ploc\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\Resources\en-US\bootres.dll.mui.gsg	-	1	Fn
Delete	C:\\Boot\ro-RO\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\ru-RU\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\ru-RU\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\sk-SK\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\sl-SI\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\sr-Latn-CS\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\sv-SE\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\sv-SE\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\tr-TR\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\tr-TR\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\uk-UA\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\zh-CN\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\zh-CN\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\zh-HK\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\zh-HK\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\zh-TW\bootmgr.exe.mui.gsg	-	1	Fn
Delete	C:\\Boot\zh-TW\memtest.exe.mui.gsg	-	1	Fn
Delete	C:\\BOOTSECT.BAK.gsg	-	1	Fn
Delete	C:\\hiberfil.sys.gsg	-	1	Fn
Delete	C:\\pagefile.sys.gsg	-	1	Fn

Registry (5)

Operation	Key	Additional Information	Count	Logfile
Create Key	HKEY_CURRENT_USER\Software\FUCK\	-	1	Fn
Create Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\FUCK\	value_name = PERSONALID, type = REG_NONE	1	Fn
Write Value	HKEY_CURRENT_USER\Software\FUCK\	value_name = PERSONALID, data = zMlQmGdpLLDFBsqtfeUO, size = 20, type = REG_SZ	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = HD AUDIO, data = C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe, size = 42, type = REG_SZ	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	cmd /c vssadmin delete shadows /all /quiet	os_pid = 0xcb4, creation_flags = CREATE_REALTIME_PRIORITY_CLASS, show_window = SW_HIDE		1	Fn

Module (227)

Operation	Module	Additional Information	Count	Logfile
Load	KERNEL32.dll	base_address = 0x75260000	1	Fn
Load	USER32.dll	base_address = 0x77150000	1	Fn
Load	ADVAPI32.dll	base_address = 0x76a10000	1	Fn
Load	CRYPT32.dll	base_address = 0x77ab0000	1	Fn
Load	api-ms-win-core-synch-l1-2-0	base_address = 0x74e70000	1	Fn
Load	api-ms-win-core-fibers-l1-1-1	base_address = 0x74e70000	1	Fn
Load	api-ms-win-core-localization-l1-2-1	base_address = 0x74e70000	1	Fn
Load	api-ms-win-core-sysinfo-l1-2-1	base_address = 0x74e70000	1	Fn
Load	api-ms-win-appmodel-runtime-l1-1-2	base_address = 0x77c30000	1	Fn
Load	kernel32	base_address = 0x75260000	1	Fn
Load	api-ms-win-core-string-l1-1-0	base_address = 0x74e70000	1	Fn
Load	api-ms-win-core-datetime-l1-1-1	base_address = 0x74e70000	1	Fn
Load	api-ms-win-core-localization-obsolete-l1-2-0	base_address = 0x74e70000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x75260000	15	Fn
Get Handle	c:\users\ciihmnxmn6ps\desktop\twitchru.exe	base_address = 0x400000	2	Fn
Get Handle	c:\windows\syswow64\ntdll.dll	base_address = 0x77ca0000	2	Fn
Get Handle	c:\windows\syswow64\advapi32.dll	base_address = 0x76a10000	2	Fn
Get Filename	-	process_name = c:\users\ciihmnxmn6ps\desktop\twitchru.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe, size = 260	3	Fn
Get Filename	-	process_name = c:\users\ciihmnxmn6ps\desktop\twitchru.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe, size = 256	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x7527a330	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x75277580	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x75279910	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x7527f400	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77cff190	10	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77cfa200	7	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x75279680	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesA, address_out = 0x75286310	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileAttributesA, address_out = 0x75286500	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x75283a30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x752864a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileA, address_out = 0x7527c510	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x752861a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32Next, address_out = 0x7527c8e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileA, address_out = 0x75286210	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileA, address_out = 0x75286270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x752861d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x752864f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x75286920	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77cf4f40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x7527fbc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x7527f6f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x752792b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32First, address_out = 0x7527ed60	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x75287510	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x75286590	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x75286170	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x7527efc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x7527a390	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x7527a040	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x752862f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDriveStringsA, address_out = 0x7529e9a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x75285f20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x75286110	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x752a0960	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x7527a060	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileA, address_out = 0x7527c240	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleWindow, address_out = 0x752c6940	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x752775a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DuplicateHandle, address_out = 0x75285f30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObjectEx, address_out = 0x75286120	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x752777b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x75272da0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x752775c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x75271b90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeThread, address_out = 0x7527eed0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x77ce5e80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77ce5e00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TryEnterCriticalSection, address_out = 0x77cf9070	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x77cf9920	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x75272db0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x75272d60	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x75272dc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x75272af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x75286020	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x75285fa0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x75279a70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x75271ba0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x75271da0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x75279930	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x75272b90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x752857f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x75279660	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x75277940	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x75282230	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x75279a40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x7527c800	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x752779b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x75279fc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x752a28e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x7527a2c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x75271d90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeSListHead, address_out = 0x77d01fc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7527a790	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x7527a080	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateTimerQueue, address_out = 0x752a0ae0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEvent, address_out = 0x752860c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SignalObjectAndWait, address_out = 0x752a2850	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SwitchToThread, address_out = 0x75279f30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x75279700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadPriority, address_out = 0x75279490	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetThreadPriority, address_out = 0x752796a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x7527a550	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateTimerQueueTimer, address_out = 0x75284a00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ChangeTimerQueueTimer, address_out = 0x752a07c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteTimerQueueTimer, address_out = 0x75284a20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetNumaHighestNodeNumber, address_out = 0x7527a7e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessAffinityMask, address_out = 0x7527a220	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadAffinityMask, address_out = 0x7527e0e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RegisterWaitForSingleObject, address_out = 0x75279580	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnregisterWait, address_out = 0x7527ed20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetThreadTimes, address_out = 0x75279f80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x752798f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryAndExitThread, address_out = 0x7527a570	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x75279560	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleA, address_out = 0x75279640	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x75277920	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExW, address_out = 0x7527a2a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x75278b70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x75278c50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x75278c70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReleaseSemaphore, address_out = 0x752860a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedPopEntrySList, address_out = 0x77cf8ef0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedPushEntrySList, address_out = 0x77cf8ed0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedFlushSList, address_out = 0x77d01ee0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryDepthSList, address_out = 0x77cf98c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnregisterWaitEx, address_out = 0x7527eb50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x7527a0b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x75279a80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x75279ec0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x77cdda90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitThread, address_out = 0x77d02570	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x75279fa0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x752725e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77cdbae0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x752874f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x7527a3c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x7527a4b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x75278770	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x75286390	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x7527a3f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x75282350	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x7527f9e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x752862a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x75286860	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x75286870	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x75286540	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x75277910	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileExA, address_out = 0x75286220	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x7527a090	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x7527fd10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x7527a3b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x7527a0f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x752a2560	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x752a26a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x752868e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x75286180	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x771852a0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDeriveKey, address_out = 0x76a45b70	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCreateKeyExA, address_out = 0x76a2f510	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExA, address_out = 0x76a30750	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x76a2efa0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextA, address_out = 0x76a30c00	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x76a30ad0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyKey, address_out = 0x76a2fc10	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x76a2fbf0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegGetValueA, address_out = 0x76a30da0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x76a2f950	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x76a2f930	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x76a45bd0	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x77af8040	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptDecodeObjectEx, address_out = 0x77ae4470	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptImportPublicKeyInfo, address_out = 0x77afde80	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptBinaryToStringA, address_out = 0x77ad2290	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = FlsSetValue, address_out = 0x74f23770	2	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = InitializeCriticalSectionEx, address_out = 0x74f23ae0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = FlsAlloc, address_out = 0x74f26530	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = FlsGetValue, address_out = 0x74f1a7b0	2	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = LCMapStringEx, address_out = 0x74f13690	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetSystemTimePreciseAsFileTime, address_out = 0x74f308e0	1	Fn
Get Address	c:\windows\syswow64\kernel.appcore.dll	function = AppPolicyGetThreadInitializationType, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x7527f9b0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = CompareStringEx, address_out = 0x74f14500	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = EnumSystemLocalesEx, address_out = 0x74f2e350	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetDateFormatEx, address_out = 0x74f7b710	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetLocaleInfoEx, address_out = 0x74f0d3f0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetTimeFormatEx, address_out = 0x74f7b9e0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetUserDefaultLocaleName, address_out = 0x74f22510	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = IsValidLocaleName, address_out = 0x74f0c210	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = LCIDToLocaleName, address_out = 0x74f204a0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = LocaleNameToLCID, address_out = 0x74f264c0	1	Fn

Window (1)

Operation	Window Name	Additional Information	Success	Count	Logfile
Create	End	class_name = EndJoin, wndproc_parameter = 0		1	Fn

System (464)

Operation	Additional Information	Count	Logfile
Get Cursor	x_out = 1185, y_out = 529	1	Fn
Get Time	type = Ticks, time = 126703	1	Fn
Get Time	type = Ticks, time = 126937	3	Fn
Get Time	type = Ticks, time = 126968	2	Fn
Get Time	type = Ticks, time = 126984	2	Fn
Get Time	type = Ticks, time = 127000	5	Fn
Get Time	type = Ticks, time = 127015	2	Fn
Get Time	type = Ticks, time = 127031	4	Fn
Get Time	type = Ticks, time = 127046	4	Fn
Get Time	type = Ticks, time = 127062	4	Fn
Get Time	type = Ticks, time = 127078	6	Fn
Get Time	type = Ticks, time = 127093	4	Fn
Get Time	type = Ticks, time = 127109	5	Fn
Get Time	type = Ticks, time = 127125	3	Fn
Get Time	type = Ticks, time = 127156	3	Fn
Get Time	type = Ticks, time = 127171	5	Fn
Get Time	type = Ticks, time = 127187	4	Fn
Get Time	type = Ticks, time = 127203	5	Fn
Get Time	type = Ticks, time = 127218	6	Fn
Get Time	type = Ticks, time = 127234	6	Fn
Get Time	type = Ticks, time = 127250	6	Fn
Get Time	type = Ticks, time = 127265	8	Fn
Get Time	type = Ticks, time = 127281	5	Fn
Get Time	type = Ticks, time = 127296	7	Fn
Get Time	type = Ticks, time = 127312	5	Fn
Get Time	type = Ticks, time = 127328	5	Fn
Get Time	type = Ticks, time = 127343	6	Fn
Get Time	type = Ticks, time = 127359	5	Fn
Get Time	type = Ticks, time = 127375	4	Fn
Get Time	type = Ticks, time = 127390	4	Fn
Get Time	type = Ticks, time = 127406	4	Fn
Get Time	type = Ticks, time = 127421	4	Fn
Get Time	type = Ticks, time = 127437	3	Fn
Get Time	type = Ticks, time = 127453	3	Fn
Get Time	type = Ticks, time = 127468	7	Fn
Get Time	type = Ticks, time = 127484	2	Fn
Get Time	type = Ticks, time = 127500	3	Fn
Get Time	type = Ticks, time = 127515	2	Fn
Get Time	type = Ticks, time = 127531	6	Fn
Get Time	type = Ticks, time = 127546	5	Fn
Get Time	type = Ticks, time = 127562	5	Fn
Get Time	type = Ticks, time = 127578	4	Fn
Get Time	type = Ticks, time = 127593	5	Fn
Get Time	type = Ticks, time = 127609	3	Fn
Get Time	type = Ticks, time = 127625	6	Fn
Get Time	type = Ticks, time = 127640	5	Fn
Get Time	type = Ticks, time = 127656	8	Fn
Get Time	type = Ticks, time = 127671	6	Fn
Get Time	type = Ticks, time = 127687	3	Fn
Get Time	type = Ticks, time = 127750	3	Fn
Get Time	type = Ticks, time = 127765	7	Fn
Get Time	type = Ticks, time = 127781	6	Fn
Get Time	type = Ticks, time = 127796	9	Fn
Get Time	type = Ticks, time = 127812	8	Fn
Get Time	type = Ticks, time = 127828	9	Fn
Get Time	type = Ticks, time = 127843	9	Fn
Get Time	type = Ticks, time = 127859	10	Fn
Get Time	type = Ticks, time = 127875	9	Fn
Get Time	type = Ticks, time = 127890	7	Fn
Get Time	type = Ticks, time = 127906	10	Fn
Get Time	type = Ticks, time = 127921	9	Fn
Get Time	type = Ticks, time = 127937	5	Fn
Get Time	type = Ticks, time = 127953	5	Fn
Get Time	type = Ticks, time = 127968	10	Fn
Get Time	type = Ticks, time = 127984	10	Fn
Get Time	type = Ticks, time = 128000	7	Fn
Get Time	type = Ticks, time = 128015	8	Fn
Get Time	type = Ticks, time = 128031	7	Fn
Get Time	type = Ticks, time = 128046	1	Fn
Get Time	type = Ticks, time = 128062	1	Fn
Get Time	type = Ticks, time = 128078	7	Fn
Get Time	type = Ticks, time = 128093	6	Fn
Get Time	type = Ticks, time = 128109	9	Fn
Get Time	type = Ticks, time = 128125	11	Fn
Get Time	type = Ticks, time = 128156	9	Fn
Get Time	type = Ticks, time = 128171	13	Fn
Get Time	type = Ticks, time = 128187	11	Fn
Get Time	type = Ticks, time = 128203	9	Fn
Get Time	type = Ticks, time = 128218	1	Fn
Get Time	type = Ticks, time = 128234	5	Fn
Get Time	type = Ticks, time = 128250	9	Fn
Get Time	type = Ticks, time = 128265	9	Fn
Get Time	type = System Time, time = 2018-12-06 21:44:17 (UTC)	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Process #3: cmd.exe

Information	Value
ID	#3
File Name	c:\windows\syswow64\cmd.exe
Command Line	cmd /c vssadmin delete shadows /all /quiet
Initial Working Directory	C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor	Start Time: 00:01:59, Reason: Child Process
Unmonitor	End Time: 00:02:07, Reason: Self Terminated
Monitor Duration	00:00:08

OS Process Information

Information	Value
PID	0xcb4
Parent PID	0x56c (c:\users\ciihmnxmn6ps\desktop\twitchru.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x CB8 0x CBC

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x00000000006a0000	0x006a0000	0x006bffff	Private Memory	rw	-
pagefile_0x00000000006a0000	0x006a0000	0x006affff	Pagefile Backed Memory	rw	-
private_0x00000000006b0000	0x006b0000	0x006b3fff	Private Memory	rw	-
private_0x00000000006c0000	0x006c0000	0x006c0fff	Private Memory	rw	-
private_0x00000000006c0000	0x006c0000	0x006c3fff	Private Memory	rw	-
pagefile_0x00000000006d0000	0x006d0000	0x006e3fff	Pagefile Backed Memory	r	-
private_0x00000000006f0000	0x006f0000	0x0072ffff	Private Memory	rw	-
private_0x0000000000730000	0x00730000	0x0082ffff	Private Memory	rw	-
pagefile_0x0000000000830000	0x00830000	0x00833fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000840000	0x00840000	0x00840fff	Pagefile Backed Memory	r	-
private_0x0000000000850000	0x00850000	0x00851fff	Private Memory	rw	-
locale.nls	0x00860000	0x0091dfff	Memory Mapped File	r	-
private_0x0000000000920000	0x00920000	0x0095ffff	Private Memory	rw	-
private_0x0000000000a40000	0x00a40000	0x00a4ffff	Private Memory	rw	-
private_0x0000000000a50000	0x00a50000	0x00b4ffff	Private Memory	rw	-
private_0x0000000000b90000	0x00b90000	0x00c8ffff	Private Memory	rw	-
cmd.exe	0x00e10000	0x00e5ffff	Memory Mapped File	rwx	-
pagefile_0x0000000000e60000	0x00e60000	0x04e5ffff	Pagefile Backed Memory	-	-
private_0x0000000004fe0000	0x04fe0000	0x04feffff	Private Memory	rw	-
sortdefault.nls	0x04ff0000	0x05326fff	Memory Mapped File	r	-
wow64cpu.dll	0x64ae0000	0x64ae7fff	Memory Mapped File	rwx	-
wow64win.dll	0x64af0000	0x64b62fff	Memory Mapped File	rwx	-
wow64.dll	0x64b70000	0x64bbefff	Memory Mapped File	rwx	-
kernelbase.dll	0x74e70000	0x74fe5fff	Memory Mapped File	rwx	-
kernel32.dll	0x75260000	0x7534ffff	Memory Mapped File	rwx	-
msvcrt.dll	0x779f0000	0x77aadfff	Memory Mapped File	rwx	-
ntdll.dll	0x77ca0000	0x77e18fff	Memory Mapped File	rwx	-
pagefile_0x000000007ec90000	0x7ec90000	0x7ed8ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007ed90000	0x7ed90000	0x7edb2fff	Pagefile Backed Memory	r	-
private_0x000000007edb8000	0x7edb8000	0x7edb8fff	Private Memory	rw	-
private_0x000000007edb9000	0x7edb9000	0x7edb9fff	Private Memory	rw	-
private_0x000000007edba000	0x7edba000	0x7edbcfff	Private Memory	rw	-
private_0x000000007edbd000	0x7edbd000	0x7edbffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7df8ee37ffff	Private Memory	r	-
pagefile_0x00007df8ee380000	0x7df8ee380000	0x7ff8ee37ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7ff8ee380000	0x7ff8ee541fff	Memory Mapped File	rwx	-
private_0x00007ff8ee542000	0x7ff8ee542000	0x7ffffffeffff	Private Memory	r	-

Host Behavior

File (10)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\CIiHmnxMn6Ps\Desktop	type = file_attributes	2	Fn
Open	STD_OUTPUT_HANDLE	-	5	Fn
Open	STD_INPUT_HANDLE	-	3	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 56, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Windows\system32\vssadmin.exe	os_pid = 0xcc0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\syswow64\cmd.exe	base_address = 0xe10000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x75260000	2	Fn
Get Filename	-	process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadUILanguage, address_out = 0x752a2780	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileExW, address_out = 0x7527fa80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7527a790	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x74f835c0	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000002	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #4: vssadmin.exe

Information	Value
ID	#4
File Name	c:\windows\syswow64\vssadmin.exe
Command Line	vssadmin delete shadows /all /quiet
Initial Working Directory	C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor	Start Time: 00:02:00, Reason: Child Process
Unmonitor	End Time: 00:02:07, Reason: Self Terminated
Monitor Duration	00:00:07
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xcc0
Parent PID	0xcb4 (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x CC4 0x CC8 0x CCC 0x CD0 0x D00 0x D04 0x D08

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000060000	0x00060000	0x0007ffff	Private Memory	rw	-
pagefile_0x0000000000060000	0x00060000	0x0006ffff	Pagefile Backed Memory	rw	-
private_0x0000000000070000	0x00070000	0x00073fff	Private Memory	rw	-
private_0x0000000000080000	0x00080000	0x00081fff	Private Memory	rw	-
vssadmin.exe.mui	0x00080000	0x0008cfff	Memory Mapped File	r	-
pagefile_0x0000000000090000	0x00090000	0x000a3fff	Pagefile Backed Memory	r	-
private_0x00000000000b0000	0x000b0000	0x000effff	Private Memory	rw	-
private_0x00000000000f0000	0x000f0000	0x0012ffff	Private Memory	rw	-
pagefile_0x0000000000130000	0x00130000	0x00133fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000140000	0x00140000	0x00140fff	Pagefile Backed Memory	r	-
private_0x0000000000150000	0x00150000	0x00151fff	Private Memory	rw	-
private_0x0000000000160000	0x00160000	0x0019ffff	Private Memory	rw	-
private_0x00000000001a0000	0x001a0000	0x001dffff	Private Memory	rw	-
private_0x00000000001e0000	0x001e0000	0x001e0fff	Private Memory	rw	-
private_0x00000000001f0000	0x001f0000	0x002effff	Private Memory	rw	-
private_0x00000000002f0000	0x002f0000	0x0032ffff	Private Memory	rw	-
private_0x0000000000330000	0x00330000	0x00330fff	Private Memory	rw	-
private_0x0000000000340000	0x00340000	0x00343fff	Private Memory	rw	-
private_0x0000000000350000	0x00350000	0x0035ffff	Private Memory	rw	-
locale.nls	0x00360000	0x0041dfff	Memory Mapped File	r	-
private_0x0000000000420000	0x00420000	0x0045ffff	Private Memory	rw	-
private_0x0000000000460000	0x00460000	0x0049ffff	Private Memory	rw	-
private_0x00000000004a0000	0x004a0000	0x004dffff	Private Memory	rw	-
pagefile_0x00000000004e0000	0x004e0000	0x004e0fff	Pagefile Backed Memory	r	-
pagefile_0x00000000004f0000	0x004f0000	0x004f0fff	Pagefile Backed Memory	r	-
private_0x00000000005a0000	0x005a0000	0x005affff	Private Memory	rw	-
pagefile_0x00000000005b0000	0x005b0000	0x00737fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000740000	0x00740000	0x008c0fff	Pagefile Backed Memory	r	-
vssadmin.exe	0x013d0000	0x013edfff	Memory Mapped File	rwx	-
pagefile_0x00000000013f0000	0x013f0000	0x053effff	Pagefile Backed Memory	-	-
pagefile_0x00000000053f0000	0x053f0000	0x067effff	Pagefile Backed Memory	r	-
wow64cpu.dll	0x64ae0000	0x64ae7fff	Memory Mapped File	rwx	-
wow64win.dll	0x64af0000	0x64b62fff	Memory Mapped File	rwx	-
wow64.dll	0x64b70000	0x64bbefff	Memory Mapped File	rwx	-
rsaenh.dll	0x745f0000	0x7461efff	Memory Mapped File	rwx	-
cryptsp.dll	0x74620000	0x74632fff	Memory Mapped File	rwx	-
vssapi.dll	0x74640000	0x7475afff	Memory Mapped File	rwx	-
vsstrace.dll	0x74760000	0x74770fff	Memory Mapped File	rwx	-
atl.dll	0x74780000	0x74797fff	Memory Mapped File	rwx	-
bcrypt.dll	0x74a40000	0x74a5afff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74d40000	0x74d98fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74da0000	0x74da9fff	Memory Mapped File	rwx	-
sspicli.dll	0x74db0000	0x74dcdfff	Memory Mapped File	rwx	-
kernelbase.dll	0x74e70000	0x74fe5fff	Memory Mapped File	rwx	-
kernel32.dll	0x75260000	0x7534ffff	Memory Mapped File	rwx	-
imm32.dll	0x75400000	0x7542afff	Memory Mapped File	rwx	-
clbcatq.dll	0x76820000	0x768a1fff	Memory Mapped File	rwx	-
ws2_32.dll	0x769b0000	0x76a0bfff	Memory Mapped File	rwx	-
advapi32.dll	0x76a10000	0x76a8afff	Memory Mapped File	rwx	-
sechost.dll	0x76c40000	0x76c82fff	Memory Mapped File	rwx	-
oleaut32.dll	0x76c90000	0x76d21fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x76d90000	0x76e3bfff	Memory Mapped File	rwx	-
combase.dll	0x76e40000	0x76ff9fff	Memory Mapped File	rwx	-
gdi32.dll	0x77000000	0x7714cfff	Memory Mapped File	rwx	-
user32.dll	0x77150000	0x7728ffff	Memory Mapped File	rwx	-
shlwapi.dll	0x77290000	0x772d3fff	Memory Mapped File	rwx	-
nsi.dll	0x773e0000	0x773e6fff	Memory Mapped File	rwx	-
msctf.dll	0x778d0000	0x779effff	Memory Mapped File	rwx	-
msvcrt.dll	0x779f0000	0x77aadfff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x77c30000	0x77c3bfff	Memory Mapped File	rwx	-
ntdll.dll	0x77ca0000	0x77e18fff	Memory Mapped File	rwx	-
private_0x000000007f61d000	0x7f61d000	0x7f61ffff	Private Memory	rw	-
pagefile_0x000000007f620000	0x7f620000	0x7f71ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007f720000	0x7f720000	0x7f742fff	Pagefile Backed Memory	r	-
private_0x000000007f743000	0x7f743000	0x7f745fff	Private Memory	rw	-
private_0x000000007f746000	0x7f746000	0x7f748fff	Private Memory	rw	-
private_0x000000007f749000	0x7f749000	0x7f74bfff	Private Memory	rw	-
private_0x000000007f74c000	0x7f74c000	0x7f74cfff	Private Memory	rw	-
private_0x000000007f74f000	0x7f74f000	0x7f74ffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7df8ee37ffff	Private Memory	r	-
pagefile_0x00007df8ee380000	0x7df8ee380000	0x7ff8ee37ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7ff8ee380000	0x7ff8ee541fff	Memory Mapped File	rwx	-
private_0x00007ff8ee542000	0x7ff8ee542000	0x7ffffffeffff	Private Memory	r	-

Process #5: twitchru.exe

Information	Value
ID	#5
File Name	c:\users\ciihmnxmn6ps\desktop\twitchru.exe
Command Line	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"
Initial Working Directory	C:\Windows\
Monitor	Start Time: 00:02:20, Reason: Child Process
Unmonitor	End Time: 00:02:31, Reason: Self Terminated
Monitor Duration	00:00:11
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xd18
Parent PID	0x56c (c:\users\ciihmnxmn6ps\desktop\twitchru.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	-

Process #6: werfault.exe

Information	Value
ID	#6
File Name	c:\windows\syswow64\werfault.exe
Command Line	C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 23912
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:02:21, Reason: Child Process
Unmonitor	End Time: 00:02:35, Reason: Self Terminated
Monitor Duration	00:00:14
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xd64
Parent PID	0x56c (c:\users\ciihmnxmn6ps\desktop\twitchru.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x D68 0x D88 0x D8C 0x DB4 0x F00

Region

Name	Start VA	End VA	Type	Permissions	Actions
werfault.exe	0x00a80000	0x00ac2fff	Memory Mapped File	rwx	-
pagefile_0x0000000000d30000	0x00d30000	0x04d2ffff	Pagefile Backed Memory	-	-
private_0x0000000004d30000	0x04d30000	0x04d4ffff	Private Memory	rw	-
pagefile_0x0000000004d30000	0x04d30000	0x04d3ffff	Pagefile Backed Memory	rw	-
private_0x0000000004d40000	0x04d40000	0x04d43fff	Private Memory	rw	-
private_0x0000000004d50000	0x04d50000	0x04d50fff	Private Memory	rw	-
pagefile_0x0000000004d60000	0x04d60000	0x04d73fff	Pagefile Backed Memory	r	-
private_0x0000000004d80000	0x04d80000	0x04dbffff	Private Memory	rw	-
private_0x0000000004dc0000	0x04dc0000	0x04dfffff	Private Memory	rw	-
pagefile_0x0000000004e00000	0x04e00000	0x04e03fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004e10000	0x04e10000	0x04e12fff	Pagefile Backed Memory	r	-
private_0x0000000004e20000	0x04e20000	0x04e21fff	Private Memory	rw	-
private_0x0000000004e30000	0x04e30000	0x04e6ffff	Private Memory	rw	-
private_0x0000000004e70000	0x04e70000	0x04eaffff	Private Memory	rw	-
private_0x0000000004eb0000	0x04eb0000	0x04ebffff	Private Memory	rw	-
private_0x0000000004ee0000	0x04ee0000	0x04fdffff	Private Memory	rw	-
locale.nls	0x04fe0000	0x0509dfff	Memory Mapped File	r	-
private_0x00000000050a0000	0x050a0000	0x050dffff	Private Memory	rw	-
private_0x00000000050e0000	0x050e0000	0x0511ffff	Private Memory	rw	-
private_0x0000000005120000	0x05120000	0x0515ffff	Private Memory	rw	-
private_0x0000000005160000	0x05160000	0x0519ffff	Private Memory	rw	-
private_0x00000000051a0000	0x051a0000	0x051dffff	Private Memory	rw	-
private_0x00000000051e0000	0x051e0000	0x0521ffff	Private Memory	rw	-
private_0x0000000005260000	0x05260000	0x0526ffff	Private Memory	rw	-
wow64cpu.dll	0x64ae0000	0x64ae7fff	Memory Mapped File	rwx	-
wow64win.dll	0x64af0000	0x64b62fff	Memory Mapped File	rwx	-
wow64.dll	0x64b70000	0x64bbefff	Memory Mapped File	rwx	-
dbghelp.dll	0x744a0000	0x745defff	Memory Mapped File	rwx	-
wer.dll	0x745e0000	0x74664fff	Memory Mapped File	rwx	-
faultrep.dll	0x74670000	0x746c2fff	Memory Mapped File	rwx	-
devobj.dll	0x746d0000	0x746f0fff	Memory Mapped File	rwx	-
bcrypt.dll	0x74a40000	0x74a5afff	Memory Mapped File	rwx	-
dbgcore.dll	0x74d10000	0x74d30fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74d40000	0x74d98fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74da0000	0x74da9fff	Memory Mapped File	rwx	-
sspicli.dll	0x74db0000	0x74dcdfff	Memory Mapped File	rwx	-
kernelbase.dll	0x74e70000	0x74fe5fff	Memory Mapped File	rwx	-
cfgmgr32.dll	0x75220000	0x75255fff	Memory Mapped File	rwx	-
kernel32.dll	0x75260000	0x7534ffff	Memory Mapped File	rwx	-
advapi32.dll	0x76a10000	0x76a8afff	Memory Mapped File	rwx	-
sechost.dll	0x76c40000	0x76c82fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x76d90000	0x76e3bfff	Memory Mapped File	rwx	-
combase.dll	0x76e40000	0x76ff9fff	Memory Mapped File	rwx	-
shcore.dll	0x77340000	0x773ccfff	Memory Mapped File	rwx	-
msvcrt.dll	0x779f0000	0x77aadfff	Memory Mapped File	rwx	-
ntdll.dll	0x77ca0000	0x77e18fff	Memory Mapped File	rwx	-
private_0x000000007f47a000	0x7f47a000	0x7f47cfff	Private Memory	rw	-
private_0x000000007f47d000	0x7f47d000	0x7f47ffff	Private Memory	rw	-
pagefile_0x000000007f480000	0x7f480000	0x7f57ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007f580000	0x7f580000	0x7f5a2fff	Pagefile Backed Memory	r	-
private_0x000000007f5a4000	0x7f5a4000	0x7f5a4fff	Private Memory	rw	-
private_0x000000007f5a6000	0x7f5a6000	0x7f5a8fff	Private Memory	rw	-
private_0x000000007f5a9000	0x7f5a9000	0x7f5abfff	Private Memory	rw	-
private_0x000000007f5ac000	0x7f5ac000	0x7f5aefff	Private Memory	rw	-
private_0x000000007f5af000	0x7f5af000	0x7f5affff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7df8ee37ffff	Private Memory	r	-
pagefile_0x00007df8ee380000	0x7df8ee380000	0x7ff8ee37ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7ff8ee380000	0x7ff8ee541fff	Memory Mapped File	rwx	-
private_0x00007ff8ee542000	0x7ff8ee542000	0x7ffffffeffff	Private Memory	r	-

Process #7: twitchru.exe

90556

Information	Value
ID	#7
File Name	c:\users\ciihmnxmn6ps\desktop\twitchru.exe
Command Line	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:03:36, Reason: Autostart
Unmonitor	End Time: 00:04:51, Reason: Crashed
Monitor Duration	00:01:15

OS Process Information

Information	Value
PID	0x784
Parent PID	0x1a0 (c:\windows\system32\csrss.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 3E4 0x 138 0x 2D0 0x 760 0x 8AC 0x 7F8 0x 7F4

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	rw	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	rw	-
private_0x0000000000020000	0x00020000	0x00023fff	Private Memory	rw	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	rw	-
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	rw	-
pagefile_0x0000000000040000	0x00040000	0x00053fff	Pagefile Backed Memory	r	-
private_0x0000000000060000	0x00060000	0x0009ffff	Private Memory	rw	-
private_0x00000000000a0000	0x000a0000	0x0019ffff	Private Memory	rw	-
pagefile_0x00000000001a0000	0x001a0000	0x001a3fff	Pagefile Backed Memory	r	-
pagefile_0x00000000001b0000	0x001b0000	0x001b0fff	Pagefile Backed Memory	r	-
private_0x00000000001c0000	0x001c0000	0x001c1fff	Private Memory	rw	-
locale.nls	0x001d0000	0x0028dfff	Memory Mapped File	r	-
private_0x0000000000290000	0x00290000	0x00290fff	Private Memory	rw	-
oleaccrc.dll	0x002a0000	0x002a1fff	Memory Mapped File	r	-
private_0x00000000002b0000	0x002b0000	0x002b1fff	Private Memory	rw	-
private_0x00000000002c0000	0x002c0000	0x002cffff	Private Memory	rw	-
private_0x00000000002d0000	0x002d0000	0x003cffff	Private Memory	rw	-
private_0x00000000003d0000	0x003d0000	0x003d0fff	Private Memory	rw	-
private_0x00000000003e0000	0x003e0000	0x003e3fff	Private Memory	rw	-
private_0x00000000003f0000	0x003f0000	0x003f3fff	Private Memory	rw	-
twitchru.exe	0x00400000	0x0048afff	Memory Mapped File	rwx	... Region Actions Download Dump
private_0x0000000000490000	0x00490000	0x004cffff	Private Memory	rw	-
private_0x0000000000490000	0x00490000	0x00490fff	Private Memory	rw	-
pagefile_0x00000000004a0000	0x004a0000	0x004a0fff	Pagefile Backed Memory	rw	-
pagefile_0x00000000004a0000	0x004a0000	0x004adfff	Pagefile Backed Memory	rw	-
private_0x00000000004a0000	0x004a0000	0x004a5fff	Private Memory	rw	-
private_0x00000000004a0000	0x004a0000	0x004a0fff	Private Memory	rw	-
pagefile_0x00000000004b0000	0x004b0000	0x0052cfff	Pagefile Backed Memory	rw	-
pagefile_0x00000000004b0000	0x004b0000	0x004b1fff	Pagefile Backed Memory	rw	-
private_0x00000000004d0000	0x004d0000	0x005cffff	Private Memory	rw	-
private_0x00000000005d0000	0x005d0000	0x0060ffff	Private Memory	rw	-
private_0x0000000000610000	0x00610000	0x0070ffff	Private Memory	rw	-
pagefile_0x0000000000710000	0x00710000	0x00897fff	Pagefile Backed Memory	r	-
pagefile_0x00000000008a0000	0x008a0000	0x008a0fff	Pagefile Backed Memory	r	-
pagefile_0x00000000008a0000	0x008a0000	0x008a3fff	Pagefile Backed Memory	r	-
private_0x00000000008b0000	0x008b0000	0x008b3fff	Private Memory	rw	-
pagefile_0x00000000008c0000	0x008c0000	0x008c1fff	Pagefile Backed Memory	r	-
private_0x00000000008d0000	0x008d0000	0x008dffff	Private Memory	rw	-
pagefile_0x00000000008e0000	0x008e0000	0x00a60fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000a70000	0x00a70000	0x01e6ffff	Pagefile Backed Memory	r	-
private_0x0000000001e70000	0x01e70000	0x01eaffff	Private Memory	rw	-
private_0x0000000001eb0000	0x01eb0000	0x01f2ffff	Private Memory	rw	-
windowsshell.manifest	0x01f30000	0x01f30fff	Memory Mapped File	r	-
pagefile_0x0000000001f30000	0x01f30000	0x01f30fff	Pagefile Backed Memory	r	-
private_0x0000000001f30000	0x01f30000	0x01f30fff	Private Memory	rw	-
pagefile_0x0000000001f40000	0x01f40000	0x01f41fff	Pagefile Backed Memory	r	-
private_0x0000000001f50000	0x01f50000	0x01f5bfff	Private Memory	rwx	-
private_0x0000000001f60000	0x01f60000	0x01f60fff	Private Memory	rw	-
private_0x0000000001f70000	0x01f70000	0x01f70fff	Private Memory	rw	-
private_0x0000000001f80000	0x01f80000	0x01f80fff	Private Memory	rw	-
private_0x0000000001f90000	0x01f90000	0x01f9ffff	Private Memory	rw	-
private_0x0000000001fa0000	0x01fa0000	0x0211ffff	Private Memory	rw	-
private_0x0000000001fa0000	0x01fa0000	0x0209ffff	Private Memory	rw	-
private_0x00000000020a0000	0x020a0000	0x020a0fff	Private Memory	rwx	-
private_0x00000000020a0000	0x020a0000	0x020affff	Private Memory	rw	-
pagefile_0x00000000020a0000	0x020a0000	0x020a4fff	Pagefile Backed Memory	rw	-
private_0x00000000020a0000	0x020a0000	0x020dffff	Private Memory	rw	-
pagefile_0x00000000020b0000	0x020b0000	0x020b4fff	Pagefile Backed Memory	rw	-
private_0x00000000020e0000	0x020e0000	0x020e6fff	Private Memory	rw	-
private_0x0000000002110000	0x02110000	0x0211ffff	Private Memory	rw	-
private_0x0000000002120000	0x02120000	0x0225ffff	Private Memory	rw	-
pagefile_0x0000000002120000	0x02120000	0x021d7fff	Pagefile Backed Memory	r	-
private_0x00000000021e0000	0x021e0000	0x0221ffff	Private Memory	rw	-
private_0x0000000002250000	0x02250000	0x0225ffff	Private Memory	rw	-
sortdefault.nls	0x02260000	0x02596fff	Memory Mapped File	r	-
private_0x00000000025a0000	0x025a0000	0x0269ffff	Private Memory	rw	-
private_0x00000000026a0000	0x026a0000	0x0279ffff	Private Memory	rw	-
private_0x00000000027a0000	0x027a0000	0x0299ffff	Private Memory	rw	-
private_0x00000000029a0000	0x029a0000	0x02a9ffff	Private Memory	rw	-
private_0x0000000002aa0000	0x02aa0000	0x02b9ffff	Private Memory	rw	-
private_0x0000000002ba0000	0x02ba0000	0x02cb0fff	Private Memory	rw	-
private_0x0000000002ba0000	0x02ba0000	0x02c22fff	Private Memory	rw	-
private_0x0000000002ba0000	0x02ba0000	0x02c27fff	Private Memory	rw	-
private_0x0000000002ba0000	0x02ba0000	0x02c2bfff	Private Memory	rw	-
private_0x0000000002ba0000	0x02ba0000	0x02c26fff	Private Memory	rw	-
private_0x0000000002ba0000	0x02ba0000	0x02c2efff	Private Memory	rw	-
private_0x0000000002ba0000	0x02ba0000	0x02c9ffff	Private Memory	rw	-
private_0x0000000002ca0000	0x02ca0000	0x02cdffff	Private Memory	rw	-
private_0x0000000002ce0000	0x02ce0000	0x02ddffff	Private Memory	rw	-
private_0x0000000002de0000	0x02de0000	0x031dffff	Private Memory	rw	-
wow64win.dll	0x716e0000	0x71752fff	Memory Mapped File	rwx	-
wow64cpu.dll	0x71760000	0x71767fff	Memory Mapped File	rwx	-
wow64.dll	0x71770000	0x717befff	Memory Mapped File	rwx	-
dwmapi.dll	0x73980000	0x7399cfff	Memory Mapped File	rwx	-
ntmarta.dll	0x73a10000	0x73a37fff	Memory Mapped File	rwx	-
userenv.dll	0x73a40000	0x73a58fff	Memory Mapped File	rwx	-
rsaenh.dll	0x73a60000	0x73a8efff	Memory Mapped File	rwx	-
cryptsp.dll	0x73a90000	0x73aa2fff	Memory Mapped File	rwx	-
winsta.dll	0x73ab0000	0x73af3fff	Memory Mapped File	rwx	-
comctl32.dll	0x73b00000	0x73d08fff	Memory Mapped File	rwx	-
uxtheme.dll	0x73d10000	0x73d84fff	Memory Mapped File	rwx	-
bcrypt.dll	0x73d90000	0x73daafff	Memory Mapped File	rwx	-
winnsi.dll	0x73db0000	0x73db7fff	Memory Mapped File	rwx	-
wkscli.dll	0x73dc0000	0x73dcffff	Memory Mapped File	rwx	-
wmiclnt.dll	0x73dd0000	0x73dddfff	Memory Mapped File	rwx	-
iphlpapi.dll	0x73de0000	0x73e0ffff	Memory Mapped File	rwx	-
netutils.dll	0x73e10000	0x73e19fff	Memory Mapped File	rwx	-
srvcli.dll	0x73e20000	0x73e3bfff	Memory Mapped File	rwx	-
traffic.dll	0x73e40000	0x73e4bfff	Memory Mapped File	rwx	-
wtsapi32.dll	0x73e50000	0x73e5efff	Memory Mapped File	rwx	-
oleacc.dll	0x73e60000	0x73eb2fff	Memory Mapped File	rwx	-
netapi32.dll	0x73ec0000	0x73ed2fff	Memory Mapped File	rwx	-
comctl32.dll	0x73ee0000	0x73f71fff	Memory Mapped File	rwx	-
version.dll	0x73f80000	0x73f87fff	Memory Mapped File	rwx	-
apphelp.dll	0x73f90000	0x74020fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74030000	0x74088fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74090000	0x74099fff	Memory Mapped File	rwx	-
sspicli.dll	0x740a0000	0x740bdfff	Memory Mapped File	rwx	-
gdi32.dll	0x740e0000	0x7422cfff	Memory Mapped File	rwx	-
combase.dll	0x74230000	0x743e9fff	Memory Mapped File	rwx	-
crypt32.dll	0x74400000	0x74574fff	Memory Mapped File	rwx	-
sechost.dll	0x74580000	0x745c2fff	Memory Mapped File	rwx	-
msctf.dll	0x745d0000	0x746effff	Memory Mapped File	rwx	-
powrprof.dll	0x746f0000	0x74733fff	Memory Mapped File	rwx	-
imm32.dll	0x74740000	0x7476afff	Memory Mapped File	rwx	-
shell32.dll	0x747d0000	0x75b8efff	Memory Mapped File	rwx	-
shcore.dll	0x75b90000	0x75c1cfff	Memory Mapped File	rwx	-
nsi.dll	0x75c80000	0x75c86fff	Memory Mapped File	rwx	-
setupapi.dll	0x75c90000	0x75e34fff	Memory Mapped File	rwx	-
msvcrt.dll	0x75e40000	0x75efdfff	Memory Mapped File	rwx	-
ole32.dll	0x75f00000	0x75fe9fff	Memory Mapped File	rwx	-
shlwapi.dll	0x75ff0000	0x76033fff	Memory Mapped File	rwx	-
advapi32.dll	0x76040000	0x760bafff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x760c0000	0x760cbfff	Memory Mapped File	rwx	-
msasn1.dll	0x760d0000	0x760ddfff	Memory Mapped File	rwx	-
oleaut32.dll	0x761e0000	0x76271fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x762d0000	0x7637bfff	Memory Mapped File	rwx	-
cfgmgr32.dll	0x76410000	0x76445fff	Memory Mapped File	rwx	-
kernelbase.dll	0x76510000	0x76685fff	Memory Mapped File	rwx	-
profapi.dll	0x76690000	0x7669efff	Memory Mapped File	rwx	-
ws2_32.dll	0x766a0000	0x766fbfff	Memory Mapped File	rwx	-
kernel32.dll	0x76870000	0x7695ffff	Memory Mapped File	rwx	-
windows.storage.dll	0x76960000	0x76e3cfff	Memory Mapped File	rwx	-
user32.dll	0x76e40000	0x76f7ffff	Memory Mapped File	rwx	-
ntdll.dll	0x76f90000	0x77108fff	Memory Mapped File	rwx	-
private_0x000000007fea4000	0x7fea4000	0x7fea6fff	Private Memory	rw	-
private_0x000000007fea7000	0x7fea7000	0x7fea9fff	Private Memory	rw	-
private_0x000000007feaa000	0x7feaa000	0x7feacfff	Private Memory	rw	-
private_0x000000007fead000	0x7fead000	0x7feaffff	Private Memory	rw	-
pagefile_0x000000007feb0000	0x7feb0000	0x7ffaffff	Pagefile Backed Memory	r	-
pagefile_0x000000007ffb0000	0x7ffb0000	0x7ffd2fff	Pagefile Backed Memory	r	-
private_0x000000007ffd5000	0x7ffd5000	0x7ffd7fff	Private Memory	rw	-
private_0x000000007ffd8000	0x7ffd8000	0x7ffdafff	Private Memory	rw	-
private_0x000000007ffdb000	0x7ffdb000	0x7ffddfff	Private Memory	rw	-
private_0x000000007ffde000	0x7ffde000	0x7ffdefff	Private Memory	rw	-
private_0x000000007ffdf000	0x7ffdf000	0x7ffdffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7ffa4d88ffff	Private Memory	r	-
ntdll.dll	0x7ffa4d890000	0x7ffa4da51fff	Memory Mapped File	rwx	-
private_0x00007ffa4da52000	0x7ffa4da52000	0x7ffffffeffff	Private Memory	r	-
For performance reasons, the remaining 1 entries are omitted. The remaining entries can be found in flog.txt.

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x0000000001f50000:+0x3994	130. entry of twitchru.exe	4 bytes	kernel32.dll:TerminateProcess+0x0 now points to kernel32.dll:+0x10000	... Actions Go to Installer Region Go to Target Region

Created Files

Filename	File Size	Hash Values	Actions
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json.gsg	0.41 KB	MD5: 5adc8550b91dfdea584b9f8041157923 SHA1: 9e5175d593cfa36ffe6544f986c0f45e525b12b1 SHA256: 1a2bf4989f8ddadf8c5f188879e6600f69f742e759a65ece19e60f6d53550d69 SSDeep: 12:pht/8GforCV9QR0nH5E9nFbEMvCGuBG9YKBAtH:phzIsfZUFgEG8/SH	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl.gsg	0.14 KB	MD5: 988f50de7b0af484404637e6b281de76 SHA1: ff6d0e7deb7e5471c5668e8853deb817add85362 SHA256: 41fc9c5aa22835731cd51faf7651256a7b3381654b32ca6f2087575fe280e706 SSDeep: 3:Cemx4FLlBa9q1MLsJnfDUO4PikI5Yon4F3ZKg3f/DUor:CemxELlyquiUOgI5YZKo/DUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst.gsg	88.44 KB	MD5: 48341010d76bacf8c8b3572520bd01f7 SHA1: d39de53cc1ca25dbdca43e397f3e04d5702e81f1 SHA256: 9ef844f502859aa5a832530a3a9bf364a9b8bfe0472d5d4fc4bddc8478337260 SSDeep: 1536:uE+644iHuryDZ6Jn6aA17MOrofxNyd1rXA+R5c2b6CHR1RpdSd0lpFv1hkD7Uz10:PiOeDlaI7MNydVtRq2+C76mp9PkD7Uze	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json.gsg	0.34 KB	MD5: d23db4a7eeaff10d8b0a93fca09bc425 SHA1: f5a92c6c8358cc7acf7289e7acc5611075784aa7 SHA256: 21aca813131f9c08b2a4dcc68b8efe5d088eb68ab24abeab32632ea48ec51f4b SSDeep: 6:IjrA0o1J8JLjllg6uJ8LnSACRDmgmnIGpfsnRVHKPgMrJLN13ootCRM7Q:IjrA088FlluazrCV9QR0nRgPhN1RtCRl	... File Actions Show Properties Download
C:\\ProgramData\Microsoft\User Account Pictures\user.png.gsg	0.14 KB	MD5: 8a62874c62c3e7639c5ab7ab03ca4036 SHA1: 7ca13f1d51d8e16d99fc43f873a21de39287a256 SHA256: 867cd681e33c2d2b42d7ef5c2581de27e6e4e47e5efdbbac1decf1fc9b078dff SSDeep: 3:VyIhRGxmeyharN1f4WxtL5s6Qc40IDAe4/w2ed82npUor:YICxpy6z42tdQcT2TKed82npUor	... File Actions Show Properties Download
C:\\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.gsg	0.19 KB	MD5: 59f81dbd70b00781a4b303d62dee0ac2 SHA1: 08ac98e10bed9503def17cadce7e500392e3dc58 SHA256: ab8a6ab9cce6af7472cdabda44806ac48ddf1207d65b2858a0bc84b9bc536abe SSDeep: 3:0O6NV6GFLmvPX2mWsxb8IdrNTxWWkkh3AigTdUxabop6e6zNd9lPh6ttZqJcoT9H:0O6NQ3PX2mWubfNTx7hqUwG6e6hbmtt0	... File Actions Show Properties Download
C:\\ProgramData\Microsoft\User Account Pictures\user.bmp.gsg	0.14 KB	MD5: f55ecab32553c9a6bc75b35d77728bb6 SHA1: 250d5e3d09bd98016c9701eb4cd6100b9a6e0387 SHA256: 4619eac1866e477b2294be5d68016ae9d6c930d59dd3263a3bc8c7985ddd0112 SSDeep: 3:+2nCbECvLI9OdyrFI+ZOblu8U6DTfCmjd9OYh7tMgXUqGV9Uor:pCRLIsyR1SgYftj/OM7tMgQ9Uor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.gsg	0.34 KB	MD5: a0985941da9b5e2e7a0a3e4a11bf4b34 SHA1: 7cbb194ee7dc4814a8e134067f62368f3b538d1f SHA256: bf798e416b84a93aa73e60f21bf19c359f26d79902dca7ee82682cbc1a1f7174 SSDeep: 6:eL0bKDRaNNgZ5qrIlhTCcEHnSACRDmgmnIGpfsnBBpKuqRSQHES+sRGm92KBk4DD:sF7H14cEHnrCV9QR0nBBlsNESTrkmFB	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl.gsg	0.14 KB	MD5: f8c942b6b5a15fec64635bd45424c5aa SHA1: 43296f2b4508747e49779523dbc2491d5deb83d0 SHA256: ae25135c62a14811dd368b20c0093295945dacd24c50197d753001d2631572f3 SSDeep: 3:S0fgTxxpBZeyqO8IG2vdHor0A2HFKnx+bv2Ohj0k6pNyde9Sn:/g9hECMIdHor0bSm+OhcDyg9Sn	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\store.vol.gsg	6.00 MB	MD5: bcf11423c9b0ebc9b725ae81c3e558c3 SHA1: 5d8edea9d94a312e09e27af4deb88537173f3eaa SHA256: 92dbff057b317ee2062b480dbb5199c6544426af6dcdd52d48edf8ee3fcb37f2 SSDeep: 196608:xeB+l0KmC/HqXFo94FMh8xaP4aTXEmLqFHxovDsOc6ws:UB+l0E/HkcUMh8gPH9cavDDc6ws	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl.gsg	0.14 KB	MD5: 58c0315e00a91165be124cd1dd95a164 SHA1: 4b71682e442a052a6f1809109d5864a32acd6bc3 SHA256: c327fe143c64763291c954dc6794cdaf638f97b25fbfd72ad0f270f5d4ca6ab4 SSDeep: 3:41pWOiIdATClXWBRv735+X0nxNBVpbep2+mrd+12Tyde9Sn:4Pi1zT3gX0nJbh+COSyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl.gsg	0.14 KB	MD5: 0ab0b4fac0fb5b47f3fd897bb05449c7 SHA1: 7f0c2975c9bb085d83a247f3c706963ae7e731c7 SHA256: 297c27dd832c832d6469f70154f4d46b4f407ede2d4d7a41b212e96a1fede858 SSDeep: 3:b/h4nXSZs5iuGzAuCFjSayNhQGioiWZW9vOEM25j69Tyde9Sn:8wOiuiAuCFjMhQ8o9vr35oTyg9Sn	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json.gsg	0.36 KB	MD5: f6d2372f2e4e41b5fcb81d5ab2b71486 SHA1: 9f599249d923e116c58c550510d04e4326079e9c SHA256: 8000575622151c29c8d054ee1b4ec8fd56d004c9714b63e792314c028533c880 SSDeep: 6:sS17dfbJpa8L74GgQs1bSeSSACRDmgmnIGpfsny00L9ok4Y+hIQw+5cJBIl0QE7d:sidftpVL75zaArCV9QR0ny0So+hN+C4A	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl.gsg	0.14 KB	MD5: b07c343f9aec47cff31fd15ad382e0d6 SHA1: 3cfaa48e2cb22569e9427518d64241bafb11b869 SHA256: 892a201bb835e1f3b39d5f61196dbdad87d5784d50d6e8c6cff475afa04c3585 SSDeep: 3:6baEmyxZdjVKncecdanPyYiqnV51Wklm9qxZX6vXHJvilnpUor:6bFZTKnvconPyYtCsm9IcPCpUor	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl.gsg	0.14 KB	MD5: 8d67fb0d9dfc5781ad990c718c3bd699 SHA1: f2e256399160b67521553ff281d4708e9c278d12 SHA256: dd517266f796966bbb37f5b62624ac49a461236a4bc6a799f14efd85fca386c1 SSDeep: 3:RPe7g5SAN+CTB4Zl66+pGJfYIafmtKQpEUGCPevk2zvfsKtpUor:pXMAx94b6JGfcmtQfCW8XKtpUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.gsg	1.36 KB	MD5: 9941eb9322a81d072e2bd7e1d829b1be SHA1: d69e44b97847841c5e1ab83fc5bbdaa461fa3533 SHA256: d2612511901b442e8814f33cb33831564354d71f6f67d2dd7218be068b2ca742 SSDeep: 24:GyTyw6o30ZbuC9lTnedSTUxhaIFDSSSlfLnxHS+CJH8rW7AFT:hf6o3Ybv9lredoAtSSsnMN/Md	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.chk.gsg	8.14 KB	MD5: 389bfb2c4c68bafb01e97f63002c8694 SHA1: 575f8040a76b1614e4a0430946fd27bc486a69a0 SHA256: 257b3a7158b4e462b5d96a6a318bcc75b4999a5ab766606b77a5c8a0c5c51501 SSDeep: 192:Ss/zC3pE67T8QYZHGTZbyoKXD8t2PW0OQzeQT4HRm8ma6yL:SI+a6pJyoigt0tztcxrma6u	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.gsg	182.70 KB	MD5: e43bd88a52768bd93c1f89e38c915e35 SHA1: ecfae8a26807becd2e8931e08ab7aa43623520ac SHA256: 1a5b5711f7bc9bc44257ae12197c94e4af53fc999751dcf073f7a767568831a8 SSDeep: 3072:k+VujHYACoc90AVLQ6tuNjBhfFVmcyTEVIm2vlMmDs9zwIYq/UyIkhSonX:/kHFbc9LdQ6tUdEvTXmolvDs9zwIeLOX	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl.gsg	0.14 KB	MD5: ef4fbaa81fe4486e3869fffd770fb386 SHA1: e548ce00e5a1906054bd201304e1204091ba0524 SHA256: af179404b9d2a220599df7808a77effcaeccdffa467e899552d1096d1dabdd74 SSDeep: 3:IxFU6dP6VaBydHo7pst81M5xxm1EqhwDGqwpeEWnMvi/DUor:IvU6dyFHo7ytDjMEEaGPpRx6/DUor	... File Actions Show Properties Download
C:\\ProgramData\Microsoft\User Account Pictures\guest.bmp.gsg	0.14 KB	MD5: 73932e4075a693695b640a15af3843ab SHA1: 5b11583e8498468994b554f6d2211b2516d3d741 SHA256: 5ed1cc729f468926c19a8fcb5497664f843e068ae927754d462c61a4110b6e5c SSDeep: 3:abpHc8wdnaHljBH/XWO60NIaJLLHg6aJrmomShRMUor:abpHoa1B/Xv60NrJ3yCorkUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old.gsg	0.28 KB	MD5: 66e8e4cc13bb5372daee2b3dd8dfea44 SHA1: a858087c45056b600b5cd64f98bea5e543e395f6 SHA256: 60953b0f5fd8b50dfa1057e4607299988013be4e35df3cc066da2cb82c8b8aca SSDeep: 6:brD+V4v38xM0MM2hZUQdlDvO5zmVb3LKHZn3Ck+uG/C+fEC5kZBwrHnKarV:L+C2MFM2PUQd1Lglw07wrHnKKV	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.gsg	3.42 KB	MD5: 9f9cba8ea0761068a49b4946f930f873 SHA1: a91a957f0c669a4e9522a6cb28a75b33abc2c059 SHA256: cf93be74e2657265815f30504944ab6a600d1836e034acbdf71cf54f0e839d70 SSDeep: 96:B7cWCOUvR0kcjlZ4Q9HHii4ZmcTzQAC1PWgZ9aqY4KG25ce:eWZUHu12TsdLaqY4KGice	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl.gsg	0.14 KB	MD5: 08454cdb98a8902076ce29527425f0cd SHA1: da97c732aecaa9920ee1b44966f880fad33c40d7 SHA256: 3126ea555157370b6a8c2fd8e9e74fc28cacaa854116f33d16fe1fa027a92336 SSDeep: 3:IcB8PK74Qds/elrhNDZPtrCqR/yNOwaVbMEQi7m7L2gqIGxDUor:Iwx4Qd2elbx8qRqcXbkpFGFUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.gsg	0.34 KB	MD5: 4c3c6ee72b0ae1bd8ae7cfb6601751d5 SHA1: 4b2041038a999e1f72590fd352dca525910d2e10 SHA256: e083164954a46da94f3abd7ee4089bad663a316f6b3e3981355cec8b180b7de7 SSDeep: 6:05PX3L13XUs/HmRFDISSACRDmgmnIGpfsnRTmhyl5lcJRYpxUj+QgPaW:09X3x3cRfrCV9QR0nJmhygJR6xUj+H	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl.gsg	0.14 KB	MD5: f3adf7caddf60dda24751b7c32098967 SHA1: d32a59fdf176043274d8262b108d518d1dcdcade SHA256: 5ba1d48f11e0812b68f97340946afb8a0ac1070c94ac7def612fa16d541f8513 SSDeep: 3:DknyYW5eC/w+xP936lcqOLdwjbajbpyILZxi6nlrI2qDRpUor:4BWAC/w+FV2c1uj2jFpFV4RpUor	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl.gsg	0.14 KB	MD5: 5585b7c55df0b40cb3ac4d09fb1d6724 SHA1: 94725cabf4ae027fb9eeb57715c55f34f5f63027 SHA256: 538009b4e7239af6a596ba9a1d5865a9234484850b111d928652129c3fac934e SSDeep: 3:F1XTA6aNwCNnIcLgXAuCkoT35xyFt0EG7RsysP1VUoyde9Sn:zTl6gXOX5IFet41Nyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl.gsg	0.14 KB	MD5: 765fbe854bc3f86cb7cef25b166a1285 SHA1: cfc6caf5920fb520820f85ac87ce4a7c53b8bb80 SHA256: 29c2450cfc1e54a25d2954e61b9fc62104810863f320c69039ddadf00cc77574 SSDeep: 3:XMOYC9pq2XgxbKTov/hfU/1BUlXrDlqaAiRfvQumiRXOe4YvTyde9Sn:XMApq2Xg4y/hfUNB9ijXOnIyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\Microsoft\User Account Pictures\guest.png.gsg	0.14 KB	MD5: ac521859a4d706b3638adb97af5d88b9 SHA1: 52419f46660ac4d893936b6644fe792b2bdc6b1f SHA256: fd9d2fcbf44e872644f5177f42e792bac0cc0b0dad989f47c03edde451517e42 SSDeep: 3:qLgf4lfmuPtXOWzHUpCbC6SY99QFn9R8GB4rTOTj7HNx0DYZMyM0O0jnpUor:qLkgmStXXjUDFn9eCTjpaBt0pUor	... File Actions Show Properties Download
C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.gsg	9.25 MB	MD5: c10cd607c7a73549e595e5572a7986da SHA1: f5a8401967c38244e0e2450b87ef672d75475760 SHA256: 8b7c4146b7f199f9ee8924d0c87a5c95b4f25b29ecd3bca1092ccd8ba6dbf991 SSDeep: 3:wAqemA8mA0gU/9XONRu8Pa1v7c+g5zMWDTbjgnbRBu9Itl:xmagmXODu8i1vD8YYbGs9	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USStmp.log.gsg	3.00 MB	MD5: e8b81de940c9f74837eaed98ef0bb722 SHA1: ca43a7e145ef70fd5e64f574c7d456c0283b66f6 SHA256: 6a21dc408c8d1fbee68ea02ed81fe3b977e28ce442b3e58e980c6c9baea7cc45 SSDeep: 49152:PlOJ+HM1WEO8xwHEx2rjag5prgthoGGYxKTGNvGp72VFZdSYf4E+Izgh:PlOQHMs3ZEJY8vdGMXFfVFLSYf4/us	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl.gsg	0.14 KB	MD5: ceac08210168e249a1f2598529cecda1 SHA1: b995e96c7c85ffd4fad2f984b78fbc35f13f84c5 SHA256: 61370138146c49df48448184194571e17560f651338e2dda2f1c81d79fe592f2 SSDeep: 3:vY3OrEVBNksAMRDULv1lFBV9u+hUOws9hvZ4P6nSjq7HSyde9Sn:eNksAPvPd9uAVdhR4gSe7yyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl.gsg	0.14 KB	MD5: 4acc002d479d6502466c45355e26368a SHA1: d81befeaa1a1e0ef923680daa901e74193d39a4a SHA256: f06c5f8011366cc7527f635051c9ab6175ff7b2a18601ef2b71ad0c7a9074c51 SSDeep: 3:6mMIlPNWXqc8f+5bhlM55fkhS0PZTRZiphgpwBbXNyde9Sn:5dNSqc8f445ArPZ6gI9yg9Sn	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json.gsg	0.33 KB	MD5: aa1f4e559231ce99b0e9287cd83c5b1b SHA1: c2ad2f51b6c0492f0eb21e050c9ce42b01d5d27e SHA256: 0c2f2dd643e72e029a0aa42594c2900353cff7411a6daec9592834fa8474e408 SSDeep: 6:GpVKyFA3uYFr1oL1T8Czgj0RAIXGeDAhwdyNsre/4rjhzpC:8XcyTQj08eA0iCegrRpC	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old.gsg	0.48 KB	MD5: b488a1dbf30962f3ef7ed954a97b4ba0 SHA1: 3ca91829efc77af60a918eb267a59443180fc5cd SHA256: 03d9ef22ddaad44636f6a2df1750e0bcf461acda7f68f7821e9b58c879890b23 SSDeep: 12:45EkC6BBFW3XQw/ICvvLvplRe3B//dFVNczZco8jTo:jkCiBodI6Lvd+//dFQziZHo	... File Actions Show Properties Download
C:\\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.gsg	0.14 KB	MD5: cb87d30f01c0515787f0db9e7ac09f29 SHA1: b92ff1cdaa7654ec7a2899aa479b7aab512be46f SHA256: e9ce61936bfbf053f15183cdd4567d880f0385048250f17e0b6f0b227ba8f43b SSDeep: 3:Y7H1ullUoHwnwIVARbcn0WRGt+gJvhzzFHz9RTHwiXi44Ov8DPTyde9Sn:YzZoHwnAcnJGVrzpjTHw0i44O6yg9Sn	... File Actions Show Properties Download
C:\\ProgramData\Microsoft\User Account Pictures\user-48.png.gsg	0.14 KB	MD5: dd53992829fc608ad9f95d9f76459309 SHA1: 8382c253a630f33b3ba35dde2041f8fb78b59e73 SHA256: 491ba43120a1003c7169d6c8043845f87658ab809bd3497e6cdd484a29363ec5 SSDeep: 3:SWEqs0cwu4iBKoLgLiWZCVB37svKUp4pRbe/Gw8y8TnuDFnfLUor:SWw0DS8oKZHvKUW5wj8DuDdDUor	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl.gsg	0.14 KB	MD5: e55508955e93b6f91e96ee7c5f3ccb7e SHA1: 909598d5a9c4ffca418473e3a5dc91b7a2934c10 SHA256: ac79ddb758e71d53045e1acfb854fdc0d454d95a0ef9e416b1c850ebc28a1b11 SSDeep: 3:aWiMWMpJ3oxCdNNm7ci6DuoAIjmNSnmQ/2G/fp/DUor:aWiM/SsNeOudpAnmk2o5DUor	... File Actions Show Properties Download
C:\\Boot\BCD.LOG.gsg	0.00 KB	MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3::	... File Actions Show Properties
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.gsg	9.47 KB	MD5: ab8b1b4892b08351ffa43e236c15f2a4 SHA1: 6a5f373ddd484e27620ca60fe498c84f91f606d7 SHA256: acdd85d364b04c4dd8311f315f8f8bba5d2bcdfde8a1e29a962c650f0f333003 SSDeep: 192:JKy+Qo66kgIJuZRY868l8oVC8vaqStecW2G4vvIjrs74HQtJy0l3xA9JG7/L:JK5L66jIJEY8Xiox0ex2FMrs7lto63mC	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl.gsg	0.14 KB	MD5: b49dba41a9eef3b16fc7cbe014b2d018 SHA1: 4cb039c9ff4ad8879e60eb7a8b47fec5130a1886 SHA256: 0ef8fe7b2305b1390b7e1a4cd503e1ca2605fcdfd035768c24b345bf517d0d17 SSDeep: 3:EIOqEmsm9FAv/ZMRLWrgeTYvyLFN6dh9Kaxk3v1wvQHgqB6knpUor:hOqEEnqZYz7yLKdCaOf1wYAqMknpUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.gsg	0.84 KB	MD5: b194c4d49ccd7c018e92f8ddfc4c88b5 SHA1: ac3db153f9f3fce07cef9906c29fc387105df25d SHA256: f55a6648c554c19590e5806999ef40fde1209f1f2c47073e9ae23b01f331ae11 SSDeep: 12:WHfg3M+ZrHCukJvlOackzZ+HyFsrHJp4pXBuUTOWTTRG+oXGkJ67rF36DM5SAHpI:W/LlqkzZB2Y5TVpoWkE7rFKDGH3rqcFa	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.gsg	0.34 KB	MD5: 7234d7d03553f510d1c0ecc8ee44f148 SHA1: d2853fd36326f6261130ffc050dd7d053743e7cc SHA256: 1087458d45e7dff4ead4ef156f6b0a36decc57194af121b2acf3af23b0549be9 SSDeep: 6:+lDlMyHthur9bFb8TKlSACRDmgmnIGpfsnqI/AAAcG79oXxTxJenSv3RKn:+9lMEur9JlrCV9QR0nql7iTJgS3s	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.gsg	0.34 KB	MD5: 9abe7512a2b204601b4c25f86995c2cb SHA1: 570ab9da5b3c4bcc2305f162bdf228fbd02b441e SHA256: 147f7a2b1350671b09912de526efc929db5c40fd5c56266cc282171151762585 SSDeep: 6:L7rYF6xFfjR9GSACRDmgmnIGpfsnlY0uuchGGrzE1ylATaehy:3rk6X7bGrCV9QR0nCVucHzE1YCvhy	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.gsg	0.22 KB	MD5: f6515af84615a9ea3622bc8a4ba93ce3 SHA1: 984afe4b7a33a7dd18becadae83660dfe4b9a884 SHA256: 42fdd36082b73914aa10cbd70af1ce9b55441084bf807915371f1640dbc3ccee SSDeep: 6:QC7GMIQbcOMil5ZBoNpjQcoFo3vV8Y1D3RO1n:QC7wQbUGZmNPBtT1rsn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl.gsg	0.14 KB	MD5: 28f49673ac8f23322f2fa5adfc63d10f SHA1: 9e7ce9a44a126952b6c1df59204fa51134bcafb2 SHA256: ccdfefe96a832817b66e3295d55eae4fe0d3cac50a5cc297e3861078af01c82e SSDeep: 3:l3s/YaYIDuBhqGsZT+xrHLseJvbaFNT4Z3FNpi+rYcXtLUor:tE3LGk7Z8jLaUZLp5YitLUor	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl.gsg	0.14 KB	MD5: 5a9a9de26e9c8221f6ff1a6a2cb8bafb SHA1: 0b87e83e1e58f61533493d1967b167281662df2d SHA256: 7148deef6d5bbab2a3600c94c5f1401b31ff1548e199dc37ad1c6ab3b1a108c8 SSDeep: 3:8E+et8ZG26IgGKa9Ny++nCQPOxGuRAoyXnVO20VV7u5r1Nt7yde9Sn:8Ev8Psda9NyOoOoeY+KNNyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl.gsg	0.14 KB	MD5: fd1d0f491419d6e743c053312fb056e6 SHA1: 9adaff56eeee73500ce265c5f316a079c7df8bf6 SHA256: 93f3cfaf47458af1b752f9503661d8752a1ea80f0bc2d15dee9c6f5f650053cc SSDeep: 3:+MsSY1nQTZxBBnKdnoPqtw0DZuNN2VNu7If8CELv/QOeEyde9Sn:zsSY1nQ1hKlwSfuNN2VNuoI/bbyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.019.etl.gsg	0.14 KB	MD5: f56cf5a3f70f88e7a2a7408b3450602f SHA1: ddca67b5309c475cd7e0e0b1a20a5011cf78ce06 SHA256: 6f3d41b5761e840ea0069b90637cb420a52fb15c9edc38a72b94cc7b841c1299 SSDeep: 3:6i3lQOakGbrWWeufuyv5t+bW+KtmNfxtvrUDQ5EXlnpUor:6UlQOaA2uQUW+KtoxtvrUM5EX9pUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.gsg	2.75 KB	MD5: 8d76708571e51ba668a65f6e79097fe1 SHA1: 8cbfdb1303604f0f7bf28186da2eb8def2230978 SHA256: 2777185ea309658d5bc5b50fff850463306398eb217c6b704d74b57099bf8ec1 SSDeep: 48:syciM/3n0+sxL6+z9DQjrx/KDW256exAN6brUWRPpsuIndS1uat6ntcPykDf:dQE+H+ztQjcDv/AN6np+dS1uar7f	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.gsg	0.36 KB	MD5: 41ab8994a11921df2696dfaedaecbfe5 SHA1: 2b4412e6bd7212e31f2cc23fbb38fd64267ac50e SHA256: dc95a7d21c0b5c0548869fc527acbd90b4df046eff874c947b54e7c8fc860adf SSDeep: 6:CRngxeWTS5fXTnSACRDmgmnIGpfsn6JGwdFmDFLTuX3CxG1:Cj7nrCV9QR0n6JGwdMDtKHCxG1	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateUx.001.etl.gsg	4.14 KB	MD5: 47bb7fa223129ef65ba9f4447bd9612c SHA1: 626a61b600392a54db085d213443bc7728ae8b01 SHA256: 7031062bb1210e18754c376ea5bd5606a7025553adb1e91266d8f6dee6c9cc91 SSDeep: 96:xQ63IlO9XKjk7ISJ+BeSv6DIzRQTeHmcElscZfL4y2:xLI4Ue0evDKuTZxXZfa	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl.gsg	0.14 KB	MD5: e1b47930a1d0bc39c452490d1c1af952 SHA1: 3e0f80649086b34b94622953421d71e91838b7f8 SHA256: ab582be1eec99bceccedc593f284831ff269b268fedaaa081f141db521ac5af6 SSDeep: 3:RtkOdfOCBq5n+61m45gOYpPc2CMbQMUJO0/Q8ZIwk/x/DUor:we2Cq5+K5tYPsVnZIwk/NUor	... File Actions Show Properties Download
C:\\ProgramData\Microsoft\User Account Pictures\user-192.png.gsg	0.14 KB	MD5: 288976f5c60dabd6d8ab206034bf9ec0 SHA1: 9d186c75925d508f221932dea132d49546446863 SHA256: 089dd30803bd4a8d76d2448d80149c1c20ca418955258839d44c3d2ecb890f7d SSDeep: 3:DDVDW1MY7YWCbOb/J/0d9K3AYO+ATWQNqoyPxDUor:DpDW1M7WhbB8d9LrfTXq9FUor	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl.gsg	0.14 KB	MD5: 322ad85f8252e801215ef2567dbd6120 SHA1: c88309253760a0737605846478bdfbf80a206469 SHA256: 88afd5675d528e419487cab3496ec51eb272ba3a6a87c19f8a85c1ded6abfd04 SSDeep: 3:Fsb+qEtIFYszSpj3CSrO8my/lAM05/YlfAErBWdN0r6Ak9JFUor:ov7aLCWhAN/YlfAE8dnPrFUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.gsg	3.00 MB	MD5: 5fc7710f4ae089888b789f1bc67316fd SHA1: 06e0b570bff922e9c50b6b5590c14e5d6b8ff766 SHA256: 802164e8d65b4032703a5c5984d273102b6931ef090ea60ef6a50bb3e1966a7c SSDeep: 98304:3nxSMhqaguqNJnK/rcfLXctdbKTkFGKf3:3nxSESjMtVSE3	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.gsg	0.34 KB	MD5: ec7a4a2f5f884bf6c91f8bdf81c309f5 SHA1: 228369273e16b2ae123e113128d78caa019d2950 SHA256: 54368c69aa0a3c9b6b43542b71983b2c472fda79024dd06029ce1f645569cb7a SSDeep: 6:jV7sXltQVYsYL8LvY/X8pJlgLZdSACRDmgmnIGpfsnlY0uuchGGrzE1yOKJBNVQ+:B264Lq8X2JluZdrCV9QR0nCVucHzE1ZS	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl.gsg	0.14 KB	MD5: 421ea8200467a250bd05ec82037e7c2c SHA1: beb5c88a17e93e2e62cf540fd6ac40ef656d0402 SHA256: aaf69f4e005d6465bf3f96b43855df52e9d90ccda2e4d98d1b18964cf9fba1ad SSDeep: 3:hKEDavaKrnRQyMEWYLYpqlsMdxDaZ2E6EWjyRyJj4S50p20PTyde9Sn:Eqi77RF7scAZKCykvPTyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\Microsoft\User Account Pictures\user-40.png.gsg	0.14 KB	MD5: 97eb3688fa697d55bf59e6f60f6cfc43 SHA1: bafed8db012b38971760dd11298155096c149e91 SHA256: 4bd287175cc417292ec21b428fe952766ce8c3b105a2667e2b092eebf9be9712 SSDeep: 3:prT0GOoKvLiZpcAeJvceF23T+YdTKzoWe2ucTDRmPrpUor:FT0GOoKvLipte0ndmRe2jcUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.gsg	0.36 KB	MD5: 10c1f22a7d05350ffd4cb44dfa5dc3fc SHA1: aad19f1798ad5cea67dcd056e392e4cb6e5489bf SHA256: 0b468e053165e9ec4403951fcf5660972673fa1c1472aa60217c278631954ede SSDeep: 6:KOYwHbS6+/gtOSwTrRSACRDmgmnIGpfsnjxFz+pH7dxgzfEq+KWCeeC:KwHbmPS2trCV9QR0n/gxgFTC	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl.gsg	0.14 KB	MD5: 1e3358c93026eb97ed212d07e609f755 SHA1: 56ace398b7d259fc3325ecdf948d6c3bf42423fc SHA256: 430951ea4e4353ed2a21fc7c4dd51c52046190057941b96d11078a14956d482f SSDeep: 3:RTa0OkTfBC4DyY35u/tnuE6to6dOee6gSDcDB1Jj0+Eyde9Sn:znQOyY3xvldOz6g3BDuyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl.gsg	0.14 KB	MD5: 064dbcf29dbd649dc97f7a77816fcd77 SHA1: db874ac414081100e2e2a8bd5044c972d4adfc0d SHA256: 8cf8b44fa26d2cdbeb8a26b2d4781adbab93dffcda269db616fb39af95f47c9a SSDeep: 3:BJcYc2LZxF5Z5h5hLC7i267CA3ZAsl9wrsrdRS0rPEyNM+n07yde9Sn:BiYc2LZxFzxh+UAs4n2NfSyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl.gsg	0.14 KB	MD5: 66c20a937ad3dbb47a7b9e8aad804e47 SHA1: 6f37e89c1bd4ce0cc3e5d608c12d5ae982b13dd7 SHA256: 9afb4bb846e141ea06921dda91a8245dd28cfd176a8be5fd714477451af39557 SSDeep: 3:3Q3eIgyDiPXvjhFArNghGqzxfRxeUS1EYbms+fVhEyde9Sn:AuIgyWG6leU8E2mDVSyg9Sn	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.gsg	64.80 KB	MD5: 5dcacff6f2b4fd39094037e19df20720 SHA1: 5244216ec67cbcee5ac08dc6cbc50002d23c1c6a SHA256: d68906ebf57ea3a76b20c62ae5a4d1eda819c762ac6000f95f6c3c000d811903 SSDeep: 1536:/+wjASt4dx23zQ59e6JjwQ6sAxbwP6wmCLTJymRP8ECwORv3:G2AwG23ze9TPc0P6wmYTJZiE94v3	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json.gsg	0.36 KB	MD5: 2af4c108d3c4ef05c3c7935efd2e6a7c SHA1: 31b0ad4e9ad2f91df8c6963cc606e934fbce2e46 SHA256: 6639be1e2778bc707595fea4512cf9cd19c044cb65fb776c70b627b23e9d5ec7 SSDeep: 6:tTUH3ewE7Nz/U8wHJDzazGgQSACRDmgmnIGpfsnZ+x6zKx1t4Vdd3Yc:5UHYheHJ6zGVrCV9QR0nzxYc	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.gsg	0.34 KB	MD5: 3ad0a1ab5aa309338c727e18ced6c507 SHA1: dba64e6229003254297404244ba31164da7554a6 SHA256: 8e8e627db8fb2571afdccdb159e83c4edfe634c0c836e6acb704b1eb173066e1 SSDeep: 6:FBvKENR/gh90lT8Qxrfk4z+zpKlSACRDmgmnIGpfsnHRpQHoS1jamkK1qxZ9Cqa:FpKOR/1TXpktpKlrCV9QR0nHR+HrImk6	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.019.etl.gsg	0.14 KB	MD5: 3514ef6c6b4138827a0a7efcabde1c21 SHA1: 44ac69ab29a63e441cf62e4f4bcb9a17f182fac2 SHA256: 00090b3c89ae904476ede360a07811dcbc211caa52f9a18bf4c082b7222e0935 SSDeep: 3:SddexSDGI0c+ep7ST9WagLWA7y/lI9nf9gkaA/Ym/A53igcJ1Tyde9Sn:SdcUDfrO0Ln7SlI0gc3i3yg9Sn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl.gsg	0.14 KB	MD5: 758ea2039b335c93eb0ff44f189a0a6a SHA1: 0849f288aa8a6d4bb3aaa4c6dc2e3fb1b7d8add2 SHA256: b7a243628a338e7914da417cfc549a55c688a49bb12de6f2623740d0922fc5e3 SSDeep: 3:jEM6g4oXxTfglIoE1nR2QXTFTbK8XlVF/dIWaS3PGEyde9Sn:36GxDnwcTbKqlVFPaSryg9Sn	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.gsg	9.47 KB	MD5: d3b18d9cf46e6c3ae4cc1b3f5d63bad9 SHA1: 24279848bec7e06afbfdee221b1499eadf4166f5 SHA256: b0a82a267b6dfe8569b9ae32c6c4be9ec2cbc100324e356d3627fd4009d0408d SSDeep: 192:Gy+Qo66kgIJuZRY868l8oVC8vaqStecW2G4vvIjrs74HQtJy0l3xA9JG7/L:G5L66jIJEY8Xiox0ex2FMrs7lto63mMD	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl.gsg	0.14 KB	MD5: 9fddff700e5ae5aa58bdabb830c2b53b SHA1: 0768a456b48c1e6a696a64b2b5336efbb516dc70 SHA256: d0925576bf9201732060dbab20e0dcbe8315e844cd4586ef701fd166f1685a64 SSDeep: 3:zqgACQYOWl9q9BQ0yjaFEBmwxHGtbG9C2U+P3Ws8DP9EIhdLr/MW5+3qiD7yde9S:XBaeq00UHxHGteC2r3WfXd/MBaifyg9S	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.gsg	0.42 KB	MD5: fbd04364d172563ee33b2364913bc672 SHA1: 0e1b4770ba65a2be2cc3367becc5ba430162b59a SHA256: f5c03fa63c7aa8530ceb09046d1e194ad3259a02c4bf12a4115d4367911e0723 SSDeep: 12:vJ75E5BziOnrCV9QR0nA4/VRx0m70Wvuj16/:vJ1E5RiOrsf7/VjULp6/	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.gsg	0.34 KB	MD5: 4b4aefaa41884745e04d77a0eeb52868 SHA1: df612ffcbfb47f777ae480e3df8286dcf567d41f SHA256: 4ca1c805b5a1d73c82800557b76204ba4260418d1bc24e6b796e2b2f590131cf SSDeep: 6:9tLSK1dTrVlwRf5+DTDLko5hSACRDmgmnIGpfsns/jDChrfPLtKqojumU8mDuZKz:PSWlwT+rjrCV9QR0nYjDChDTFL0u	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.gsg	0.36 KB	MD5: 0690cce5cc389031bb5913e7775ab5ed SHA1: 3484c165ac106786b5363573a67f8398d6b37872 SHA256: 8f1d67ae413d4787edfcb2d4a23bb4cf3f3b4041df14adda403b0a79de7edd49 SSDeep: 6:sz/oDe926F1rxp0TOLE/noSACRDmgmnIGpfsnLEdTS3ldSEV4CpX:ssDeM6FhMiWnorCV9QR0nLElIdSE7X	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etl.gsg	0.14 KB	MD5: e0274f5d379b7c1899d0d2cb6e7548be SHA1: 562dc7210d8b2061ac989d44cba6a2e76329419e SHA256: 0375a8bf232f26a72dafcce45c6c686596a514ca1b7cf4c9297f26ad140f1a02 SSDeep: 3:egeK+vpFWn0bBXLG9y7/IN/JjfUqmMC7a+5x65Uq3OFUQ+yJZDa/w8z/DUor:egeK6hbD7/In8wqD5x65UqzmJZGpDUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json.gsg	0.34 KB	MD5: 53721109b0c5b854e6fe63ada55cf068 SHA1: 0ada1e64544e13e116437a1649e1108dbe600a1b SHA256: e535a4a7619f1043cdb1aa4801155657f928a03a51a8b5f3587d6c8c72d853cb SSDeep: 6:bl/n7faC6iUf3jodpncUlTRSACRDmgmnIGpfsnRVHhn7ISdEp3LdchCYv+j67IrF:blDfvGfcDhrCV9QR0nRTPdEXGbv+j6AF	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log.gsg	3.00 MB	MD5: 8c9b2277aabbdaecace4d2e06bee8af7 SHA1: e55065bc2f7ea3fe62bc320a54738cee04f4fa57 SHA256: a698b1b3a7e8704dcba83dbfc67cbe7bfc188d87f3003c093c2055972dcc3c3b SSDeep: 98304:YokrnDPmoE9i4W/wUzGWeLyMDLE/hqCNy0qn+:vOrm9i46LGWeLJE7y0s+	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.gsg	0.36 KB	MD5: fb111e12f74498c17ece8f3fd66dca7c SHA1: 9dc006b8d29c0c637b9525a69eb2c132b9e96af3 SHA256: 23cca0361bbaa1edc9b3291382058d7e19f28ce09daeacaf139ce3b69fe1b5f4 SSDeep: 6:8sQPXpWR6uZv1fKzKvMP90lSACRDmgmnIGpfsnkvswTDcdLt6gRBueDpYca+c2MZ:8s6lWv8zKUmlrCV9QR0nkvFOLtddppyT	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl.gsg	0.14 KB	MD5: 1e51ba854f045dcb8d59f9c43ac86f04 SHA1: fc4ef8281887bdab2d700ca726dd11e938b98f8e SHA256: 9c5224656f42353db4e3c4fef84f6c9f0d767ad8c65a8a11aa8a5da9fdb67e13 SSDeep: 3:/7tRXyQdfmj4Vr2hERP8KbPkofhWVG3hC2L/Tyde9Sn:z1mjYrGERPjbPJ0G3U2L/Tyg9Sn	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl.gsg	0.14 KB	MD5: 990a8fa809fe049575ef1ec696e08689 SHA1: 339a0e1d4afb2f06f079bceab76221c99b114205 SHA256: 4e07e65cb0f41f7162f22ae66914b61ed46524657d2d04c492df459543d39d2f SSDeep: 3:rOR8AKBtU0Qb2NY0ClVHLvD/ksetg6nyKv7NF4GyqxtpUor:r+JbqY7lVLD/ksetbnjv7AqUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst.gsg	1.27 KB	MD5: f4ca81b26bc77cca0e8379e064cc7e7c SHA1: 582dffb25ee016f0ef493a68960808f22701e5e9 SHA256: cdec0787d2349db11ecfd24476b239cf22bf1bc25ee986a3c8052f71969a0d37 SSDeep: 24:J/Qf5KVGnU/hSlUM1Q9iviwVLPkuOMRCyPBp0nKs:Jm5OGnUR0Q9itYMn3cF	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json.gsg	0.41 KB	MD5: 1072dd0c3b4bf63347635a119ce2c2d7 SHA1: 17357fb738b911de1fd71ba500ac7b64ae81a110 SHA256: c6fafb7bb7b0ed2631355cbfd5702d9f7c00dd93a7a176fd66b8cd3d1a106e77 SSDeep: 12:dZCdX/+T5gtCrCV9QR0nrJWyySW2YDcy63mml18ABV:dZCc5gtCsfVFW5Almml1vf	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.gsg	0.36 KB	MD5: 5a2ecb17844acbfd999a8fa16d3ec1ca SHA1: 1c9226347f36652e5b4e33bd92c40f8d71f6c17f SHA256: 3f2cf51de3d17e42ec60fe5540a35ab3fdb60b28ee5106acbdf46f572d6c7a4c SSDeep: 6:/yIBpDdp0IQOusXhGwpFOvSACRDmgmnIGpfsnBpFBgZXf2sOgYdmOhQGWhUm:6GJHQOph3pFOvrCV9QR0n9iO3OG8/	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.gsg	0.66 KB	MD5: bdf72f732fd71e806194afcf90c16559 SHA1: 88bc2b1b773ef6e2067edf1265abab02b8f90666 SHA256: caa424d9a6a5586f93011e970ab50be84cd45f13ab07e3a6e9b9613eeaf99102 SSDeep: 12:zFdSXUtctJE9lJNqh4P4KK8oxJnD+EtcKfWVzuKAvy2nnIdRFDUSY+En/c+V:xEXUtjNNqIK9xJD+8cKEuKKyAmhUSYWm	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.gsg	0.22 KB	MD5: 00f311dbf24d020706a05af3b3fd4ff8 SHA1: 90f775949f51e8ffa9e0870a497c87efda016718 SHA256: 0d05eb78536899abbf19d4db789fda43d4e3f5de51ae9af6a3bb6394cb00843a SSDeep: 6:CYaLQVx8HjpBMS6gIj4jlv9IdZU/5487VM:CyIprlidZm5XVM	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\Temp\CalendarCache.dat.gsg	0.16 KB	MD5: bbcfb0dbfa988d7c4220c8b0dab59a98 SHA1: b388f3d5a98c9e30c4feb5b2e3bae5b464be53d5 SHA256: f689b4ae3c93d60f33fcde014407537a6d9f828076e52e2e710cdc766defda22 SSDeep: 3:Wiz21UC3iTrR02JnaiXfJZJK4GoiGtc3hcxuxHD0iRtjUly0ppGa2KF:WaeZSnP9KLoDq3hSuxHD1RJ8nppNDF	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.gsg	0.36 KB	MD5: d72ed312b8a79055ba26037958e0ab9a SHA1: 3ca10ae40e41e80121a6b3eff6eeda4cff92f005 SHA256: 27c42ef545ca1eea64a623482f6dd32f6ad79cafba3b91258f571ce5a3a656fc SSDeep: 6:zjQKcj6qAKpTgTIc3UzuKgbi8LlZ8JSACRDmgmnIGpfsn5mfShASavkt2fIszgOK:nTqAKbSAgbzlZKrCV9QR0nphbavOSL7O	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.gsg	0.36 KB	MD5: a7724cea60a86e13c2201e4893b728a4 SHA1: 089426d387b8fd8a82c8df461711181f08a71542 SHA256: c5f609ab22631c802ecc678e267f1e328023741ef87daf09cc677dfdcaccf2ae SSDeep: 6:OtOFw9W8TANrLfgRxOZN/vlJRSACRDmgmnIGpfsnlYTLDtYnNbaSRyvuc1VQnx1g:Oth9W8Utk2ZBvTRrCV9QR0niTibVRyvJ	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl.gsg	0.14 KB	MD5: 4b98bbcd1af6762cbbcfadc157172bb1 SHA1: 820cf76bdc5b677bbe977095464638cfa72f603e SHA256: e5fe78a5473f6569f4a4a5e705eab13983bbc88ce1a3c6fae9ee0bcfa4cb3c3b SSDeep: 3:yLOr3rlnxjbpEa83iMU+6tNtYrSZcCjJYBP7NxLUor:MUrnp/V+6tcrSWCj+B7LUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.gsg	0.34 KB	MD5: 2326f81d019702e7bb04218a14d5d356 SHA1: 469563418dc9f9e049d463b2faf811dcfb804148 SHA256: 855cb6b7343932b8f91c29d2bcf2bed3ace80fb6187719d4ea0ecb9f7a6fcbc4 SSDeep: 6:S3FF5BhOPd8Ben/oSACRDmgmnIGpfsnTWkh3ez1cUV6KANwvKqMxjScP5n:wFLBhO+BeArCV9QR0nThhulV6hNwvKqa	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.gsg	62.06 KB	MD5: 88d4e513c1371d60b5a421fea0400f60 SHA1: e3aef4545bda7d59686739d2307797184c8960f2 SHA256: 345b3cc99a331868436501a9b6b7c0fbe1ff697dd1bbb7ffb4550d7ac4809554 SSDeep: 768:9Skn2f0MmI96AIS9E/0MkWSvp6ecBMwwnD8amCEoe0RBX8oz/fHsInvPNhSVjW9L:9VQmgLdKMvp65wnPmcfMkmsNhnrmVB5u	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json.gsg	0.36 KB	MD5: b2ab7076bed94bce87bbb1c9ceaabab8 SHA1: c8045a97758fef0cdff263e4260263f0232cc6da SHA256: f265c8a62d9524829dec68baf7a0a8ffd9ac74889d164f9a3dac3b8ac57d96a4 SSDeep: 6:6NNSl1LY8zZSJrCqC21/QSSACRDmgmnIGpfsnrSl6MZz2CP4N49WJiK62HahiJHv:mQlBY1Ca/QSrCV9QR0nslPi/Jx6kVrd	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.gsg	0.30 KB	MD5: 809f1927c9eb15e711e2426b4b67dd25 SHA1: 4b202c09f2ad87577444b23509d771c0c78a6a3e SHA256: a3fce29ff6655f875b41616165f0ad2cbde5e52a7493605308902d7f4eea6470 SSDeep: 6:VKpSq576oc2lqDoqBArM2EpC9oK2DI36N2dgYFPJFwIa2:goVPoQ4BkI2YFPJG72	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl.gsg	0.14 KB	MD5: a37cebe3fb74cc043c0cd8b2e4fb0dcf SHA1: f728de38f8b0a8376f49916cbca0a417b8e7c9c8 SHA256: 72a099d1079261f23d850fb5fc3d750ec4859cd63c014d2704088971ccca6170 SSDeep: 3:L3GoWlFjo74sze5ceJLP4ZnamI8ExZuyp0HkmenRNp/sRE5WEVpUor:KlF0Pe5ceFP4Zna/ZL9aHkpnRcE5WEV7	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.gsg	0.66 KB	MD5: 64ec31635bc5ac6a74dbbc1d4bd556fa SHA1: 3f45398ad4279210a1cec65f127a1edd0507ee42 SHA256: 805bb5248c87fecde0c70e28d14b56420a1214270decb31fd76207133871d863 SSDeep: 12:/8Bvb5fpKPo7cY6o3Bc15hk9MuL1epCsbnuIP94oTnhodJITUqimUqT7IBo:/wb5xOo7f6o30ZbuC9lTnedSTUxhaIq	... File Actions Show Properties Download
C:\\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.gsg	0.14 KB	MD5: f67ad2e3b61ad27b2b827253d55681cd SHA1: 2cef10b82401fe9512823570aa481acddce58f46 SHA256: bbe8f57afe111b0b5bf75473140f8009b334f52fc834ce4c6467f4be3033d191 SSDeep: 3:L2OiSs8VuLRRr/wiJ8uDYv6nGA7iA8YhxeJxvR+sZqrnpUor:Kycr/wgYv6rijMxAH+lzpUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db.gsg	7.14 KB	MD5: 9dd094dc2b8023ff691a6d1b7ddcc25f SHA1: 2c50f2c9dbdf97278fb0d072635c1369a6b4b3b8 SHA256: ddbf1c790b094cc7d9041edad46d35c4c6486ef8be110f448ea199a9cdec6337 SSDeep: 192:v5gsq/wMHk+1E2uvq1CBMEZcG6uUz2v9F54bZ3zY2o+Wea:LwbEuf5uUqv9F5izsea	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat.gsg	52.45 KB	MD5: 7ba3499ea7c4a5fcbb4b8f6ca0487c06 SHA1: 2a4bf8267e9ac73b61584914dad4a3d2fe2f9f9c SHA256: 5c7c6f11bb48fc134f51e23c990c1c705f33e14849c550a0658478053704207c SSDeep: 1536:UMsXWHWlTn8KAmaNvkJ/doyBQxsOuC5VqBI5/IpzoNGep8B:Uwu8cgsJ/djAsW5VqBI5ezoNd6	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl.gsg	0.14 KB	MD5: 055dbe510328ea30ad04eaac2167f8e3 SHA1: 084f6ecdee61aec18f282681d1c414b1b66c5faf SHA256: a81bf507caed3eb124d92b29aa4e576980019ff32ef3c1c3d615351074dd879e SSDeep: 3:t54XdbOaPidsHKmRv84u4hTlhYzNK0W6648QYL3BVarOKrgPFUor:L4XZOaPidQv8j4FrYzj8Q83jaywGFUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old.gsg	0.45 KB	MD5: 4722bbb73b57addc80dfe9547a85a15a SHA1: 5983a52a82b807637d47c6c6af4f7fb974e4af26 SHA256: a4dd17c9bc00cf073f653e51b2994e2ad957cc1a3e16ee379d3054bcf7a8d6a9 SSDeep: 12:d+KDrEmxRMx0hcGUkMw50PGJcPI9AVCZgYVCdhF:zh+ShjFhG+KYsd	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl.gsg	0.14 KB	MD5: 8a76a9aaeeda925712342f2b5b1bdc2c SHA1: 25f39d93c481890d610c941454f4bb4cfba6bdcd SHA256: 6e95a03da6e737b963dc740aa109e4233522ac7c733630af9795b13e05b45f66 SSDeep: 3:vNh3vXszLOokVo5/IPotkY3kZKBNuIOmYgiYf+WN1l7NtPTyde9Sn:EzLHgPouPo5IGBNjJtPTyg9Sn	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json.gsg	0.36 KB	MD5: f99286848434dd42bb128376a33f8cd2 SHA1: 7ff08043f0d264416b1e6851f495ac2f7b2c8522 SHA256: 75499a84880b935784b67b7a4f8a58cff87b97edcbc53df21b387bec6f83d57a SSDeep: 6:W6x24IK+PReCEB1vmY4vJ16geMfspm3jGETOlSACRDmgmnIGpfsnOQsk0Q2qNA/q:1x2VVEHTuYg1tEpGaEarCV9QR0nOQ/0u	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.gsg	3.00 MB	MD5: cfa3e8449390d75766f864456be0ec9a SHA1: 08046a5d4c4830bc131a709f3b575a4a17e388c6 SHA256: d7cacf51114924d87c17bd447138253ea20bf6371e8716e4a7b5068b32f46c40 SSDeep: 49152:lZZIMJkGYjuCshxkT5sYXnJ+16NHx/bPifreAb+8n1f8L8uYhfO+:pM9juC4x0WeJ+qRzOvn1f84b	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl.gsg	0.14 KB	MD5: cd6e55ba2b4d8991d752290394447833 SHA1: 5d14b238aef598a0be79b14edd1076cb8ab75165 SHA256: 57bd2183f635e4c128dcb657ae406fd61e4d9eb8dd17cacf812f805be7b1f273 SSDeep: 3:m4+ZYnziCzDWVaDrymOjgfCpaU98DeoMkjcClLfOuyNUor:P+anKOOuCp1986mLfByNUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.gsg	0.39 KB	MD5: 7e8515738480c7368e74d08885475126 SHA1: a0e66ba3d2bd1a4072c0e5bbc5f5781af4abe0a2 SHA256: f6f6178a644ba8053029b1f0774837f1b0c226f9eb3ae72790e5af0bd023aacd SSDeep: 12:gnWpC3/AdsKzIJofutVhKT/WhceK5NWYGU6:gWAYdsdoyV0+TKOYj6	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl.gsg	0.14 KB	MD5: 1009aac5e5fa851423028ed2d2a06799 SHA1: 63b890db8cf800ad3bb797300f1a87cc0bf7aa0b SHA256: f9a4e9f639515077acb8d584f713a4303fc4c84fa51c887441195c1d66a0d99b SSDeep: 3:gweeY4C3xpZyfxMjZDPYnOtIxK6qIZyFUy/oHXI8IyCR69pFUor:giY4opMZixKOCK6qSygHY8IyCRsUor	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst.gsg	146.97 KB	MD5: 16847f6ee0b98287ffaed57f627d1b92 SHA1: 91b087ae7cb7abb7bea21629c2f32a3af38708ec SHA256: 5e9617beddf70259573317758ce775648e0a1f99e8167c88ffc3fbb51cf46bde SSDeep: 3072:UMy3G8Nhmd5KZOCfOJfurue9UuzJR+6fwGRZuurhg36GUlC+j5Juu:U53G8XpOCYurj9Uuz7+gwGRAuVE6GJSJ	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.gsg	1.14 KB	MD5: 269a3367418e8eae51ccdcb9f9fd4409 SHA1: 7d56cf9166214ea548c0dc02dc8335601980f43d SHA256: 7e30d907992b4f8df5b0e07d7d47480e658eb15070ac353460fccf1a2de72ec1 SSDeep: 24:X9kNNqIK9xJD+8cKEuKKyAmhUSYW+VN2PAyCTyDjO9m+VrN:X94NPK9xJqZw9wYWe2Iry/OQ+Vx	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.gsg	0.34 KB	MD5: 2dc0a1507c31bdf2df5f7799df05b27f SHA1: 2834fa927eb20db5de20359d55354a1a24d2c842 SHA256: 7760fb45efddd4943b999335516e2d644648e5f7b2e384eab7a5069969ccacb6 SSDeep: 6:vzGHwLnSeDdEN00lmt/LOvSACRDmgmnIGpfsnFF877QqNeV6hq3h0ZntJXw+BLhe:vzNHKJ8/6vrCV9QR0nTIQ6kh0ZtJgljL	... File Actions Show Properties Download
C:\\ProgramData\Microsoft\User Account Pictures\user-32.png.gsg	0.14 KB	MD5: 9c832fac159647701f8ab1f6cd29ed1e SHA1: 5e2778c83ab59d298a85154b5d737529c26cac0c SHA256: 463bb338c2b3ee3f2f3457b54e92279e21a9c4be1dee857c31d04aabe5523b49 SSDeep: 3:DdmubqFq4fEdLvv0cuTBm+s/6LMpVU0o+WaOlw6c/ieYynAxcyi/VpUor:VbAq40LvnqBMp+0ofaHiHyWi9pUor	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etl.gsg	0.14 KB	MD5: dd744160cd25b51e4a73c2a230155137 SHA1: 31d2e49acc77bce81f8a84ed8af6cc0838585e67 SHA256: 12ee512668f28c8e9997aa145b82a5d908a7f2ef9f9ce9ef2afb4c0646f180d9 SSDeep: 3:HBmyDh+RbDJK7CkpZyiUPPZyqQkHoShHwZmTdMcXMGC37yde9Sn:hmyDmDEmk3yiqkqR/QZknMdyg9Sn	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.gsg	0.17 KB	MD5: 0ec6dab42931ea237ef29c214a8c29ea SHA1: a1096b553146c603408f23152d18962204f47204 SHA256: 47a6c362eb6cc8cd805013abf1bf8169f4ee057ecab9e464fc218e8ad2792330 SSDeep: 3:AgH5wpbmgf9gLBNL4kKUzCq4ZV52rZXOHc3edRyK9ofjXNqreC4A0c7:fyf9gLcD/q4ZqpOHGedRRej0yC4Vc7	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json.gsg	0.41 KB	MD5: 5adc8550b91dfdea584b9f8041157923 SHA1: 9e5175d593cfa36ffe6544f986c0f45e525b12b1 SHA256: 1a2bf4989f8ddadf8c5f188879e6600f69f742e759a65ece19e60f6d53550d69 SSDeep: 12:pht/8GforCV9QR0nH5E9nFbEMvCGuBG9YKBAtH:phzIsfZUFgEG8/SH	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst.gsg	88.44 KB	MD5: 48341010d76bacf8c8b3572520bd01f7 SHA1: d39de53cc1ca25dbdca43e397f3e04d5702e81f1 SHA256: 9ef844f502859aa5a832530a3a9bf364a9b8bfe0472d5d4fc4bddc8478337260 SSDeep: 1536:uE+644iHuryDZ6Jn6aA17MOrofxNyd1rXA+R5c2b6CHR1RpdSd0lpFv1hkD7Uz10:PiOeDlaI7MNydVtRq2+C76mp9PkD7Uze	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json.gsg	0.34 KB	MD5: d23db4a7eeaff10d8b0a93fca09bc425 SHA1: f5a92c6c8358cc7acf7289e7acc5611075784aa7 SHA256: 21aca813131f9c08b2a4dcc68b8efe5d088eb68ab24abeab32632ea48ec51f4b SSDeep: 6:IjrA0o1J8JLjllg6uJ8LnSACRDmgmnIGpfsnRVHKPgMrJLN13ootCRM7Q:IjrA088FlluazrCV9QR0nRgPhN1RtCRl	... File Actions Show Properties Download
C:\\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.gsg	0.19 KB	MD5: 59f81dbd70b00781a4b303d62dee0ac2 SHA1: 08ac98e10bed9503def17cadce7e500392e3dc58 SHA256: ab8a6ab9cce6af7472cdabda44806ac48ddf1207d65b2858a0bc84b9bc536abe SSDeep: 3:0O6NV6GFLmvPX2mWsxb8IdrNTxWWkkh3AigTdUxabop6e6zNd9lPh6ttZqJcoT9H:0O6NQ3PX2mWubfNTx7hqUwG6e6hbmtt0	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.gsg	0.34 KB	MD5: a0985941da9b5e2e7a0a3e4a11bf4b34 SHA1: 7cbb194ee7dc4814a8e134067f62368f3b538d1f SHA256: bf798e416b84a93aa73e60f21bf19c359f26d79902dca7ee82682cbc1a1f7174 SSDeep: 6:eL0bKDRaNNgZ5qrIlhTCcEHnSACRDmgmnIGpfsnBBpKuqRSQHES+sRGm92KBk4DD:sF7H14cEHnrCV9QR0nBBlsNESTrkmFB	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\store.vol.gsg	6.00 MB	MD5: bcf11423c9b0ebc9b725ae81c3e558c3 SHA1: 5d8edea9d94a312e09e27af4deb88537173f3eaa SHA256: 92dbff057b317ee2062b480dbb5199c6544426af6dcdd52d48edf8ee3fcb37f2 SSDeep: 196608:xeB+l0KmC/HqXFo94FMh8xaP4aTXEmLqFHxovDsOc6ws:UB+l0E/HkcUMh8gPH9cavDDc6ws	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json.gsg	0.36 KB	MD5: f6d2372f2e4e41b5fcb81d5ab2b71486 SHA1: 9f599249d923e116c58c550510d04e4326079e9c SHA256: 8000575622151c29c8d054ee1b4ec8fd56d004c9714b63e792314c028533c880 SSDeep: 6:sS17dfbJpa8L74GgQs1bSeSSACRDmgmnIGpfsny00L9ok4Y+hIQw+5cJBIl0QE7d:sidftpVL75zaArCV9QR0ny0So+hN+C4A	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.gsg	1.36 KB	MD5: 9941eb9322a81d072e2bd7e1d829b1be SHA1: d69e44b97847841c5e1ab83fc5bbdaa461fa3533 SHA256: d2612511901b442e8814f33cb33831564354d71f6f67d2dd7218be068b2ca742 SSDeep: 24:GyTyw6o30ZbuC9lTnedSTUxhaIFDSSSlfLnxHS+CJH8rW7AFT:hf6o3Ybv9lredoAtSSsnMN/Md	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.chk.gsg	8.14 KB	MD5: 389bfb2c4c68bafb01e97f63002c8694 SHA1: 575f8040a76b1614e4a0430946fd27bc486a69a0 SHA256: 257b3a7158b4e462b5d96a6a318bcc75b4999a5ab766606b77a5c8a0c5c51501 SSDeep: 192:Ss/zC3pE67T8QYZHGTZbyoKXD8t2PW0OQzeQT4HRm8ma6yL:SI+a6pJyoigt0tztcxrma6u	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.gsg	182.70 KB	MD5: e43bd88a52768bd93c1f89e38c915e35 SHA1: ecfae8a26807becd2e8931e08ab7aa43623520ac SHA256: 1a5b5711f7bc9bc44257ae12197c94e4af53fc999751dcf073f7a767568831a8 SSDeep: 3072:k+VujHYACoc90AVLQ6tuNjBhfFVmcyTEVIm2vlMmDs9zwIYq/UyIkhSonX:/kHFbc9LdQ6tUdEvTXmolvDs9zwIeLOX	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old.gsg	0.28 KB	MD5: 66e8e4cc13bb5372daee2b3dd8dfea44 SHA1: a858087c45056b600b5cd64f98bea5e543e395f6 SHA256: 60953b0f5fd8b50dfa1057e4607299988013be4e35df3cc066da2cb82c8b8aca SSDeep: 6:brD+V4v38xM0MM2hZUQdlDvO5zmVb3LKHZn3Ck+uG/C+fEC5kZBwrHnKarV:L+C2MFM2PUQd1Lglw07wrHnKKV	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.gsg	3.42 KB	MD5: 9f9cba8ea0761068a49b4946f930f873 SHA1: a91a957f0c669a4e9522a6cb28a75b33abc2c059 SHA256: cf93be74e2657265815f30504944ab6a600d1836e034acbdf71cf54f0e839d70 SSDeep: 96:B7cWCOUvR0kcjlZ4Q9HHii4ZmcTzQAC1PWgZ9aqY4KG25ce:eWZUHu12TsdLaqY4KGice	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.gsg	0.34 KB	MD5: 4c3c6ee72b0ae1bd8ae7cfb6601751d5 SHA1: 4b2041038a999e1f72590fd352dca525910d2e10 SHA256: e083164954a46da94f3abd7ee4089bad663a316f6b3e3981355cec8b180b7de7 SSDeep: 6:05PX3L13XUs/HmRFDISSACRDmgmnIGpfsnRTmhyl5lcJRYpxUj+QgPaW:09X3x3cRfrCV9QR0nJmhygJR6xUj+H	... File Actions Show Properties Download
C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.gsg	9.25 MB	MD5: c10cd607c7a73549e595e5572a7986da SHA1: f5a8401967c38244e0e2450b87ef672d75475760 SHA256: 8b7c4146b7f199f9ee8924d0c87a5c95b4f25b29ecd3bca1092ccd8ba6dbf991 SSDeep: 3:wAqemA8mA0gU/9XONRu8Pa1v7c+g5zMWDTbjgnbRBu9Itl:xmagmXODu8i1vD8YYbGs9	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USStmp.log.gsg	3.00 MB	MD5: e8b81de940c9f74837eaed98ef0bb722 SHA1: ca43a7e145ef70fd5e64f574c7d456c0283b66f6 SHA256: 6a21dc408c8d1fbee68ea02ed81fe3b977e28ce442b3e58e980c6c9baea7cc45 SSDeep: 49152:PlOJ+HM1WEO8xwHEx2rjag5prgthoGGYxKTGNvGp72VFZdSYf4E+Izgh:PlOQHMs3ZEJY8vdGMXFfVFLSYf4/us	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old.gsg	0.48 KB	MD5: b488a1dbf30962f3ef7ed954a97b4ba0 SHA1: 3ca91829efc77af60a918eb267a59443180fc5cd SHA256: 03d9ef22ddaad44636f6a2df1750e0bcf461acda7f68f7821e9b58c879890b23 SSDeep: 12:45EkC6BBFW3XQw/ICvvLvplRe3B//dFVNczZco8jTo:jkCiBodI6Lvd+//dFQziZHo	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.gsg	9.47 KB	MD5: ab8b1b4892b08351ffa43e236c15f2a4 SHA1: 6a5f373ddd484e27620ca60fe498c84f91f606d7 SHA256: acdd85d364b04c4dd8311f315f8f8bba5d2bcdfde8a1e29a962c650f0f333003 SSDeep: 192:JKy+Qo66kgIJuZRY868l8oVC8vaqStecW2G4vvIjrs74HQtJy0l3xA9JG7/L:JK5L66jIJEY8Xiox0ex2FMrs7lto63mC	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.gsg	0.84 KB	MD5: b194c4d49ccd7c018e92f8ddfc4c88b5 SHA1: ac3db153f9f3fce07cef9906c29fc387105df25d SHA256: f55a6648c554c19590e5806999ef40fde1209f1f2c47073e9ae23b01f331ae11 SSDeep: 12:WHfg3M+ZrHCukJvlOackzZ+HyFsrHJp4pXBuUTOWTTRG+oXGkJ67rF36DM5SAHpI:W/LlqkzZB2Y5TVpoWkE7rFKDGH3rqcFa	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.gsg	0.34 KB	MD5: 7234d7d03553f510d1c0ecc8ee44f148 SHA1: d2853fd36326f6261130ffc050dd7d053743e7cc SHA256: 1087458d45e7dff4ead4ef156f6b0a36decc57194af121b2acf3af23b0549be9 SSDeep: 6:+lDlMyHthur9bFb8TKlSACRDmgmnIGpfsnqI/AAAcG79oXxTxJenSv3RKn:+9lMEur9JlrCV9QR0nql7iTJgS3s	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.gsg	0.34 KB	MD5: 9abe7512a2b204601b4c25f86995c2cb SHA1: 570ab9da5b3c4bcc2305f162bdf228fbd02b441e SHA256: 147f7a2b1350671b09912de526efc929db5c40fd5c56266cc282171151762585 SSDeep: 6:L7rYF6xFfjR9GSACRDmgmnIGpfsnlY0uuchGGrzE1ylATaehy:3rk6X7bGrCV9QR0nCVucHzE1YCvhy	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.gsg	0.22 KB	MD5: f6515af84615a9ea3622bc8a4ba93ce3 SHA1: 984afe4b7a33a7dd18becadae83660dfe4b9a884 SHA256: 42fdd36082b73914aa10cbd70af1ce9b55441084bf807915371f1640dbc3ccee SSDeep: 6:QC7GMIQbcOMil5ZBoNpjQcoFo3vV8Y1D3RO1n:QC7wQbUGZmNPBtT1rsn	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.gsg	2.75 KB	MD5: 8d76708571e51ba668a65f6e79097fe1 SHA1: 8cbfdb1303604f0f7bf28186da2eb8def2230978 SHA256: 2777185ea309658d5bc5b50fff850463306398eb217c6b704d74b57099bf8ec1 SSDeep: 48:syciM/3n0+sxL6+z9DQjrx/KDW256exAN6brUWRPpsuIndS1uat6ntcPykDf:dQE+H+ztQjcDv/AN6np+dS1uar7f	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.gsg	0.36 KB	MD5: 41ab8994a11921df2696dfaedaecbfe5 SHA1: 2b4412e6bd7212e31f2cc23fbb38fd64267ac50e SHA256: dc95a7d21c0b5c0548869fc527acbd90b4df046eff874c947b54e7c8fc860adf SSDeep: 6:CRngxeWTS5fXTnSACRDmgmnIGpfsn6JGwdFmDFLTuX3CxG1:Cj7nrCV9QR0n6JGwdMDtKHCxG1	... File Actions Show Properties Download
C:\\ProgramData\USOShared\Logs\UpdateUx.001.etl.gsg	4.14 KB	MD5: 47bb7fa223129ef65ba9f4447bd9612c SHA1: 626a61b600392a54db085d213443bc7728ae8b01 SHA256: 7031062bb1210e18754c376ea5bd5606a7025553adb1e91266d8f6dee6c9cc91 SSDeep: 96:xQ63IlO9XKjk7ISJ+BeSv6DIzRQTeHmcElscZfL4y2:xLI4Ue0evDKuTZxXZfa	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.gsg	3.00 MB	MD5: 5fc7710f4ae089888b789f1bc67316fd SHA1: 06e0b570bff922e9c50b6b5590c14e5d6b8ff766 SHA256: 802164e8d65b4032703a5c5984d273102b6931ef090ea60ef6a50bb3e1966a7c SSDeep: 98304:3nxSMhqaguqNJnK/rcfLXctdbKTkFGKf3:3nxSESjMtVSE3	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.gsg	0.34 KB	MD5: ec7a4a2f5f884bf6c91f8bdf81c309f5 SHA1: 228369273e16b2ae123e113128d78caa019d2950 SHA256: 54368c69aa0a3c9b6b43542b71983b2c472fda79024dd06029ce1f645569cb7a SSDeep: 6:jV7sXltQVYsYL8LvY/X8pJlgLZdSACRDmgmnIGpfsnlY0uuchGGrzE1yOKJBNVQ+:B264Lq8X2JluZdrCV9QR0nCVucHzE1ZS	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.gsg	0.36 KB	MD5: 10c1f22a7d05350ffd4cb44dfa5dc3fc SHA1: aad19f1798ad5cea67dcd056e392e4cb6e5489bf SHA256: 0b468e053165e9ec4403951fcf5660972673fa1c1472aa60217c278631954ede SSDeep: 6:KOYwHbS6+/gtOSwTrRSACRDmgmnIGpfsnjxFz+pH7dxgzfEq+KWCeeC:KwHbmPS2trCV9QR0n/gxgFTC	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.gsg	64.80 KB	MD5: 5dcacff6f2b4fd39094037e19df20720 SHA1: 5244216ec67cbcee5ac08dc6cbc50002d23c1c6a SHA256: d68906ebf57ea3a76b20c62ae5a4d1eda819c762ac6000f95f6c3c000d811903 SSDeep: 1536:/+wjASt4dx23zQ59e6JjwQ6sAxbwP6wmCLTJymRP8ECwORv3:G2AwG23ze9TPc0P6wmYTJZiE94v3	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json.gsg	0.36 KB	MD5: 2af4c108d3c4ef05c3c7935efd2e6a7c SHA1: 31b0ad4e9ad2f91df8c6963cc606e934fbce2e46 SHA256: 6639be1e2778bc707595fea4512cf9cd19c044cb65fb776c70b627b23e9d5ec7 SSDeep: 6:tTUH3ewE7Nz/U8wHJDzazGgQSACRDmgmnIGpfsnZ+x6zKx1t4Vdd3Yc:5UHYheHJ6zGVrCV9QR0nzxYc	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.gsg	0.34 KB	MD5: 3ad0a1ab5aa309338c727e18ced6c507 SHA1: dba64e6229003254297404244ba31164da7554a6 SHA256: 8e8e627db8fb2571afdccdb159e83c4edfe634c0c836e6acb704b1eb173066e1 SSDeep: 6:FBvKENR/gh90lT8Qxrfk4z+zpKlSACRDmgmnIGpfsnHRpQHoS1jamkK1qxZ9Cqa:FpKOR/1TXpktpKlrCV9QR0nHR+HrImk6	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.gsg	9.47 KB	MD5: d3b18d9cf46e6c3ae4cc1b3f5d63bad9 SHA1: 24279848bec7e06afbfdee221b1499eadf4166f5 SHA256: b0a82a267b6dfe8569b9ae32c6c4be9ec2cbc100324e356d3627fd4009d0408d SSDeep: 192:Gy+Qo66kgIJuZRY868l8oVC8vaqStecW2G4vvIjrs74HQtJy0l3xA9JG7/L:G5L66jIJEY8Xiox0ex2FMrs7lto63mMD	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.gsg	0.42 KB	MD5: fbd04364d172563ee33b2364913bc672 SHA1: 0e1b4770ba65a2be2cc3367becc5ba430162b59a SHA256: f5c03fa63c7aa8530ceb09046d1e194ad3259a02c4bf12a4115d4367911e0723 SSDeep: 12:vJ75E5BziOnrCV9QR0nA4/VRx0m70Wvuj16/:vJ1E5RiOrsf7/VjULp6/	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.gsg	0.34 KB	MD5: 4b4aefaa41884745e04d77a0eeb52868 SHA1: df612ffcbfb47f777ae480e3df8286dcf567d41f SHA256: 4ca1c805b5a1d73c82800557b76204ba4260418d1bc24e6b796e2b2f590131cf SSDeep: 6:9tLSK1dTrVlwRf5+DTDLko5hSACRDmgmnIGpfsns/jDChrfPLtKqojumU8mDuZKz:PSWlwT+rjrCV9QR0nYjDChDTFL0u	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.gsg	0.36 KB	MD5: 0690cce5cc389031bb5913e7775ab5ed SHA1: 3484c165ac106786b5363573a67f8398d6b37872 SHA256: 8f1d67ae413d4787edfcb2d4a23bb4cf3f3b4041df14adda403b0a79de7edd49 SSDeep: 6:sz/oDe926F1rxp0TOLE/noSACRDmgmnIGpfsnLEdTS3ldSEV4CpX:ssDeM6FhMiWnorCV9QR0nLElIdSE7X	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json.gsg	0.34 KB	MD5: 53721109b0c5b854e6fe63ada55cf068 SHA1: 0ada1e64544e13e116437a1649e1108dbe600a1b SHA256: e535a4a7619f1043cdb1aa4801155657f928a03a51a8b5f3587d6c8c72d853cb SSDeep: 6:bl/n7faC6iUf3jodpncUlTRSACRDmgmnIGpfsnRVHhn7ISdEp3LdchCYv+j67IrF:blDfvGfcDhrCV9QR0nRTPdEXGbv+j6AF	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log.gsg	3.00 MB	MD5: 8c9b2277aabbdaecace4d2e06bee8af7 SHA1: e55065bc2f7ea3fe62bc320a54738cee04f4fa57 SHA256: a698b1b3a7e8704dcba83dbfc67cbe7bfc188d87f3003c093c2055972dcc3c3b SSDeep: 98304:YokrnDPmoE9i4W/wUzGWeLyMDLE/hqCNy0qn+:vOrm9i46LGWeLJE7y0s+	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.gsg	0.36 KB	MD5: fb111e12f74498c17ece8f3fd66dca7c SHA1: 9dc006b8d29c0c637b9525a69eb2c132b9e96af3 SHA256: 23cca0361bbaa1edc9b3291382058d7e19f28ce09daeacaf139ce3b69fe1b5f4 SSDeep: 6:8sQPXpWR6uZv1fKzKvMP90lSACRDmgmnIGpfsnkvswTDcdLt6gRBueDpYca+c2MZ:8s6lWv8zKUmlrCV9QR0nkvFOLtddppyT	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst.gsg	1.27 KB	MD5: f4ca81b26bc77cca0e8379e064cc7e7c SHA1: 582dffb25ee016f0ef493a68960808f22701e5e9 SHA256: cdec0787d2349db11ecfd24476b239cf22bf1bc25ee986a3c8052f71969a0d37 SSDeep: 24:J/Qf5KVGnU/hSlUM1Q9iviwVLPkuOMRCyPBp0nKs:Jm5OGnUR0Q9itYMn3cF	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json.gsg	0.41 KB	MD5: 1072dd0c3b4bf63347635a119ce2c2d7 SHA1: 17357fb738b911de1fd71ba500ac7b64ae81a110 SHA256: c6fafb7bb7b0ed2631355cbfd5702d9f7c00dd93a7a176fd66b8cd3d1a106e77 SSDeep: 12:dZCdX/+T5gtCrCV9QR0nrJWyySW2YDcy63mml18ABV:dZCc5gtCsfVFW5Almml1vf	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.gsg	0.36 KB	MD5: 5a2ecb17844acbfd999a8fa16d3ec1ca SHA1: 1c9226347f36652e5b4e33bd92c40f8d71f6c17f SHA256: 3f2cf51de3d17e42ec60fe5540a35ab3fdb60b28ee5106acbdf46f572d6c7a4c SSDeep: 6:/yIBpDdp0IQOusXhGwpFOvSACRDmgmnIGpfsnBpFBgZXf2sOgYdmOhQGWhUm:6GJHQOph3pFOvrCV9QR0n9iO3OG8/	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.gsg	0.66 KB	MD5: bdf72f732fd71e806194afcf90c16559 SHA1: 88bc2b1b773ef6e2067edf1265abab02b8f90666 SHA256: caa424d9a6a5586f93011e970ab50be84cd45f13ab07e3a6e9b9613eeaf99102 SSDeep: 12:zFdSXUtctJE9lJNqh4P4KK8oxJnD+EtcKfWVzuKAvy2nnIdRFDUSY+En/c+V:xEXUtjNNqIK9xJD+8cKEuKKyAmhUSYWm	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.gsg	0.22 KB	MD5: 00f311dbf24d020706a05af3b3fd4ff8 SHA1: 90f775949f51e8ffa9e0870a497c87efda016718 SHA256: 0d05eb78536899abbf19d4db789fda43d4e3f5de51ae9af6a3bb6394cb00843a SSDeep: 6:CYaLQVx8HjpBMS6gIj4jlv9IdZU/5487VM:CyIprlidZm5XVM	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\Temp\CalendarCache.dat.gsg	0.16 KB	MD5: bbcfb0dbfa988d7c4220c8b0dab59a98 SHA1: b388f3d5a98c9e30c4feb5b2e3bae5b464be53d5 SHA256: f689b4ae3c93d60f33fcde014407537a6d9f828076e52e2e710cdc766defda22 SSDeep: 3:Wiz21UC3iTrR02JnaiXfJZJK4GoiGtc3hcxuxHD0iRtjUly0ppGa2KF:WaeZSnP9KLoDq3hSuxHD1RJ8nppNDF	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.gsg	0.36 KB	MD5: d72ed312b8a79055ba26037958e0ab9a SHA1: 3ca10ae40e41e80121a6b3eff6eeda4cff92f005 SHA256: 27c42ef545ca1eea64a623482f6dd32f6ad79cafba3b91258f571ce5a3a656fc SSDeep: 6:zjQKcj6qAKpTgTIc3UzuKgbi8LlZ8JSACRDmgmnIGpfsn5mfShASavkt2fIszgOK:nTqAKbSAgbzlZKrCV9QR0nphbavOSL7O	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.gsg	0.36 KB	MD5: a7724cea60a86e13c2201e4893b728a4 SHA1: 089426d387b8fd8a82c8df461711181f08a71542 SHA256: c5f609ab22631c802ecc678e267f1e328023741ef87daf09cc677dfdcaccf2ae SSDeep: 6:OtOFw9W8TANrLfgRxOZN/vlJRSACRDmgmnIGpfsnlYTLDtYnNbaSRyvuc1VQnx1g:Oth9W8Utk2ZBvTRrCV9QR0niTibVRyvJ	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.gsg	0.34 KB	MD5: 2326f81d019702e7bb04218a14d5d356 SHA1: 469563418dc9f9e049d463b2faf811dcfb804148 SHA256: 855cb6b7343932b8f91c29d2bcf2bed3ace80fb6187719d4ea0ecb9f7a6fcbc4 SSDeep: 6:S3FF5BhOPd8Ben/oSACRDmgmnIGpfsnTWkh3ez1cUV6KANwvKqMxjScP5n:wFLBhO+BeArCV9QR0nThhulV6hNwvKqa	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.gsg	62.06 KB	MD5: 88d4e513c1371d60b5a421fea0400f60 SHA1: e3aef4545bda7d59686739d2307797184c8960f2 SHA256: 345b3cc99a331868436501a9b6b7c0fbe1ff697dd1bbb7ffb4550d7ac4809554 SSDeep: 768:9Skn2f0MmI96AIS9E/0MkWSvp6ecBMwwnD8amCEoe0RBX8oz/fHsInvPNhSVjW9L:9VQmgLdKMvp65wnPmcfMkmsNhnrmVB5u	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json.gsg	0.36 KB	MD5: b2ab7076bed94bce87bbb1c9ceaabab8 SHA1: c8045a97758fef0cdff263e4260263f0232cc6da SHA256: f265c8a62d9524829dec68baf7a0a8ffd9ac74889d164f9a3dac3b8ac57d96a4 SSDeep: 6:6NNSl1LY8zZSJrCqC21/QSSACRDmgmnIGpfsnrSl6MZz2CP4N49WJiK62HahiJHv:mQlBY1Ca/QSrCV9QR0nslPi/Jx6kVrd	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.gsg	0.30 KB	MD5: 809f1927c9eb15e711e2426b4b67dd25 SHA1: 4b202c09f2ad87577444b23509d771c0c78a6a3e SHA256: a3fce29ff6655f875b41616165f0ad2cbde5e52a7493605308902d7f4eea6470 SSDeep: 6:VKpSq576oc2lqDoqBArM2EpC9oK2DI36N2dgYFPJFwIa2:goVPoQ4BkI2YFPJG72	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.gsg	0.66 KB	MD5: 64ec31635bc5ac6a74dbbc1d4bd556fa SHA1: 3f45398ad4279210a1cec65f127a1edd0507ee42 SHA256: 805bb5248c87fecde0c70e28d14b56420a1214270decb31fd76207133871d863 SSDeep: 12:/8Bvb5fpKPo7cY6o3Bc15hk9MuL1epCsbnuIP94oTnhodJITUqimUqT7IBo:/wb5xOo7f6o30ZbuC9lTnedSTUxhaIq	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db.gsg	7.14 KB	MD5: 9dd094dc2b8023ff691a6d1b7ddcc25f SHA1: 2c50f2c9dbdf97278fb0d072635c1369a6b4b3b8 SHA256: ddbf1c790b094cc7d9041edad46d35c4c6486ef8be110f448ea199a9cdec6337 SSDeep: 192:v5gsq/wMHk+1E2uvq1CBMEZcG6uUz2v9F54bZ3zY2o+Wea:LwbEuf5uUqv9F5izsea	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat.gsg	52.45 KB	MD5: 7ba3499ea7c4a5fcbb4b8f6ca0487c06 SHA1: 2a4bf8267e9ac73b61584914dad4a3d2fe2f9f9c SHA256: 5c7c6f11bb48fc134f51e23c990c1c705f33e14849c550a0658478053704207c SSDeep: 1536:UMsXWHWlTn8KAmaNvkJ/doyBQxsOuC5VqBI5/IpzoNGep8B:Uwu8cgsJ/djAsW5VqBI5ezoNd6	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old.gsg	0.45 KB	MD5: 4722bbb73b57addc80dfe9547a85a15a SHA1: 5983a52a82b807637d47c6c6af4f7fb974e4af26 SHA256: a4dd17c9bc00cf073f653e51b2994e2ad957cc1a3e16ee379d3054bcf7a8d6a9 SSDeep: 12:d+KDrEmxRMx0hcGUkMw50PGJcPI9AVCZgYVCdhF:zh+ShjFhG+KYsd	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json.gsg	0.36 KB	MD5: f99286848434dd42bb128376a33f8cd2 SHA1: 7ff08043f0d264416b1e6851f495ac2f7b2c8522 SHA256: 75499a84880b935784b67b7a4f8a58cff87b97edcbc53df21b387bec6f83d57a SSDeep: 6:W6x24IK+PReCEB1vmY4vJ16geMfspm3jGETOlSACRDmgmnIGpfsnOQsk0Q2qNA/q:1x2VVEHTuYg1tEpGaEarCV9QR0nOQ/0u	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.gsg	3.00 MB	MD5: cfa3e8449390d75766f864456be0ec9a SHA1: 08046a5d4c4830bc131a709f3b575a4a17e388c6 SHA256: d7cacf51114924d87c17bd447138253ea20bf6371e8716e4a7b5068b32f46c40 SSDeep: 49152:lZZIMJkGYjuCshxkT5sYXnJ+16NHx/bPifreAb+8n1f8L8uYhfO+:pM9juC4x0WeJ+qRzOvn1f84b	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.gsg	0.39 KB	MD5: 7e8515738480c7368e74d08885475126 SHA1: a0e66ba3d2bd1a4072c0e5bbc5f5781af4abe0a2 SHA256: f6f6178a644ba8053029b1f0774837f1b0c226f9eb3ae72790e5af0bd023aacd SSDeep: 12:gnWpC3/AdsKzIJofutVhKT/WhceK5NWYGU6:gWAYdsdoyV0+TKOYj6	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst.gsg	146.97 KB	MD5: 16847f6ee0b98287ffaed57f627d1b92 SHA1: 91b087ae7cb7abb7bea21629c2f32a3af38708ec SHA256: 5e9617beddf70259573317758ce775648e0a1f99e8167c88ffc3fbb51cf46bde SSDeep: 3072:UMy3G8Nhmd5KZOCfOJfurue9UuzJR+6fwGRZuurhg36GUlC+j5Juu:U53G8XpOCYurj9Uuz7+gwGRAuVE6GJSJ	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.gsg	1.14 KB	MD5: 269a3367418e8eae51ccdcb9f9fd4409 SHA1: 7d56cf9166214ea548c0dc02dc8335601980f43d SHA256: 7e30d907992b4f8df5b0e07d7d47480e658eb15070ac353460fccf1a2de72ec1 SSDeep: 24:X9kNNqIK9xJD+8cKEuKKyAmhUSYW+VN2PAyCTyDjO9m+VrN:X94NPK9xJqZw9wYWe2Iry/OQ+Vx	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.gsg	0.34 KB	MD5: 2dc0a1507c31bdf2df5f7799df05b27f SHA1: 2834fa927eb20db5de20359d55354a1a24d2c842 SHA256: 7760fb45efddd4943b999335516e2d644648e5f7b2e384eab7a5069969ccacb6 SSDeep: 6:vzGHwLnSeDdEN00lmt/LOvSACRDmgmnIGpfsnFF877QqNeV6hq3h0ZntJXw+BLhe:vzNHKJ8/6vrCV9QR0nTIQ6kh0ZtJgljL	... File Actions Show Properties Download
C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.gsg	0.17 KB	MD5: 0ec6dab42931ea237ef29c214a8c29ea SHA1: a1096b553146c603408f23152d18962204f47204 SHA256: 47a6c362eb6cc8cd805013abf1bf8169f4ee057ecab9e464fc218e8ad2792330 SSDeep: 3:AgH5wpbmgf9gLBNL4kKUzCq4ZV52rZXOHc3edRyK9ofjXNqreC4A0c7:fyf9gLcD/q4ZqpOHGedRRej0yC4Vc7	... File Actions Show Properties Download

Host Behavior

File (27798)

Operation	Filename	Additional Information	Count	Logfile
Create	-	desired_access = GENERIC_READ	1	Fn
Create	-	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\$Recycle.Bin\S-1-5-18\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Boot\BCD.LOG	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\BCD.LOG.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\bg-BG\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\bg-BG\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\cs-CZ\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\cs-CZ\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\cs-CZ\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\cs-CZ\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\da-DK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\da-DK\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\da-DK\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\da-DK\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\de-DE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\de-DE\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\de-DE\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\de-DE\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\el-GR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\el-GR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\el-GR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\el-GR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-GB\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-GB\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-US\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-US\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-US\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\en-US\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-ES\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-ES\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-ES\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-ES\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-MX\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\es-MX\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\et-EE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\et-EE\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fi-FI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fi-FI\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fi-FI\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fi-FI\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\chs_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\cht_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\jpn_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\kor_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\malgunn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\malgunn_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\malgun_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\malgun_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\meiryon_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\meiryon_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\meiryo_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\meiryo_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msjhn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msjhn_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msjh_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msjh_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msyhn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msyhn_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msyh_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\msyh_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segmono_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segmono_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segoen_slboot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segoen_slboot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segoe_slboot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\segoe_slboot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Fonts\wgl4_boot.ttf.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-CA\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-CA\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-FR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-FR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-FR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\fr-FR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hr-HR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hr-HR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hu-HU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hu-HU\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hu-HU\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\hu-HU\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\it-IT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\it-IT\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\it-IT\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\it-IT\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ja-JP\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ja-JP\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ja-JP\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ja-JP\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ko-KR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ko-KR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ko-KR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ko-KR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\lt-LT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\lt-LT\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\lv-LV\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\lv-LV\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nb-NO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nb-NO\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nb-NO\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nb-NO\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nl-NL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nl-NL\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nl-NL\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\nl-NL\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pl-PL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pl-PL\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pl-PL\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pl-PL\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-BR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-BR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-BR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-BR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-PT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-PT\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-PT\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\pt-PT\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\qps-ploc\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\qps-ploc\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\qps-ploc\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\qps-ploc\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Resources\en-US\bootres.dll.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\Resources\en-US\bootres.dll.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ro-RO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ro-RO\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ru-RU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ru-RU\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ru-RU\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\ru-RU\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sk-SK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sk-SK\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sl-SI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sl-SI\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-CS\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-CS\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-CS\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sr-Latn-RS\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sv-SE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sv-SE\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sv-SE\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\sv-SE\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\tr-TR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\tr-TR\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\tr-TR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\tr-TR\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\uk-UA\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\uk-UA\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-CN\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-CN\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-CN\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-CN\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-HK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-HK\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-HK\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-HK\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-TW\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-TW\bootmgr.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-TW\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Boot\zh-TW\memtest.exe.mui.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Config.Msi\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\hiberfil.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\hiberfil.sys.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\pagefile.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\pagefile.sys.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\PerfLogs\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Adobe\ARM\Reader_17.012.20098\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Adobe\ARM\S\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Adobe\ARM\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Adobe\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Application Data\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Comms\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Desktop\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Documents\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\Integration\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\MachineData\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\MasterDescriptor.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\MasterDescriptor.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\s641033.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\s641033.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.Platform.Culture.man.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.Platform.Culture.man.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.x64.en-us.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.x64.en-us.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.x64.en-us.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.x64.en-us.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\MasterDescriptor.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\MasterDescriptor.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\s640.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\s640.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.Platform.x-none.man.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.Platform.x-none.man.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.x64.x-none.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.x64.x-none.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.x64.x-none.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.x64.x-none.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\MasterDescriptor.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\MasterDescriptor.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\s641033.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\s641033.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\Stream.Platform.Culture.man.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\Stream.Platform.Culture.man.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\stream.x64.en-us.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\stream.x64.en-us.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\stream.x64.en-us.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\stream.x64.en-us.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\MasterDescriptor.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\MasterDescriptor.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\s640.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\s640.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\Stream.Platform.x-none.man.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\Stream.Platform.x-none.man.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\stream.x64.x-none.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\stream.x64.x-none.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\stream.x64.x-none.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\stream.x64.x-none.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\UserData\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeOsfInstaller.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeOsfInstaller.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\ClickToRun\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Crypto\DSS\MachineKeys\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Crypto\DSS\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Crypto\Keys\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Crypto\PCPKSP\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Crypto\RSA\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Crypto\SystemKeys\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Crypto\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\DataMart\PaidWiFi\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\DataMart\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Device\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\Task\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Device Stage\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\DeviceSync\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Diagnosis\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\DRM\Server\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\DRM\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Event Viewer\Views\ApplicationViewsRootNode\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Event Viewer\Views\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Event Viewer\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\IdentityCRL\INT\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\IdentityCRL\production\temp\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\IdentityCRL\production\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\IdentityCRL\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\MapData\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\MF\Active.GRL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\MF\Active.GRL.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\MF\Pending.GRL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\MF\Pending.GRL.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\MF\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\NetFramework\BreadcrumbStore\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\NetFramework\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Network\Connections\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Network\Downloader\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Network\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Office\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\countrytable.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\countrytable.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Provisioning\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Search\Data\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Search\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\SmsRouter\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\guest.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\guest.bmp.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\guest.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\guest.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user-192.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user-192.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user-32.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user-32.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user-40.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user-40.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user-48.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user-48.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user.bmp.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\user.png.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\User Account Pictures\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\Vault\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\WDF\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\WinMSIPC\Server\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\WinMSIPC\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\WwanSvc\DMProfiles\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\WwanSvc\Profiles\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\WwanSvc\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft OneDrive\setup\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Microsoft OneDrive\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Oracle\Java\.oracle_jre_usage\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Oracle\Java\installcache_x64\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Oracle\Java\javapath\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Oracle\Java\javapath_target_5923062\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Oracle\Java\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Oracle\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Package Cache\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\regid.1991-06.com.microsoft\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\SoftwareDistribution\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Start Menu\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\Templates\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOPrivate\UpdateStore\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\USOPrivate\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.019.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateSessionOrchestration.019.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateUx.001.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\UpdateUx.001.etl.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\ProgramData\USOShared\Logs\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\ProgramData\USOShared\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Recovery\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\swapfile.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\swapfile.sys.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\System Volume Information\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Desktop\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Catalog\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\Integration\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\MachineData\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\MasterDescriptor.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\MasterDescriptor.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\s641033.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\s641033.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.Platform.Culture.man.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.Platform.Culture.man.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.x64.en-us.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.x64.en-us.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.x64.en-us.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.x64.en-us.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\MasterDescriptor.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\MasterDescriptor.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\s640.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\s640.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.Platform.x-none.man.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.Platform.x-none.man.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.x64.x-none.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.x64.x-none.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.x64.x-none.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.x64.x-none.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\MasterDescriptor.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\MasterDescriptor.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\s641033.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\s641033.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\Stream.Platform.Culture.man.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\Stream.Platform.Culture.man.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\stream.x64.en-us.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\stream.x64.en-us.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\stream.x64.en-us.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\stream.x64.en-us.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\MasterDescriptor.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\MasterDescriptor.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\s640.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\s640.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\Stream.Platform.x-none.man.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\Stream.Platform.x-none.man.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\stream.x64.x-none.hash	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\stream.x64.x-none.hash.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\stream.x64.x-none.man.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\stream.x64.x-none.man.dat.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\ProductReleases\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\UserData\README_BACK_FILES.htm	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.gsg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Copy	C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml	source_filename = C:\\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.gsg	1	Fn
Read	C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt	size = 896, size_out = 90	1	Fn Data
Read	C:\\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt	size = 896, size_out = 90	1	Fn Data
For performance reasons, the remaining 6003 entries are omitted. The remaining entries can be found in glog.xml.

Registry (3)

Operation	Key	Additional Information	Count	Logfile
Create Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\FUCK\	value_name = PERSONALID, type = REG_NONE	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = HD AUDIO, data = C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe, size = 42, type = REG_SZ	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	cmd /c vssadmin delete shadows /all /quiet	os_pid = 0x36c, creation_flags = CREATE_REALTIME_PRIORITY_CLASS, show_window = SW_HIDE		1	Fn

Module (227)

Operation	Module	Additional Information	Count	Logfile
Load	KERNEL32.dll	base_address = 0x76870000	1	Fn
Load	USER32.dll	base_address = 0x76e40000	1	Fn
Load	ADVAPI32.dll	base_address = 0x76040000	1	Fn
Load	CRYPT32.dll	base_address = 0x74400000	1	Fn
Load	api-ms-win-core-synch-l1-2-0	base_address = 0x76510000	1	Fn
Load	api-ms-win-core-fibers-l1-1-1	base_address = 0x76510000	1	Fn
Load	api-ms-win-core-localization-l1-2-1	base_address = 0x76510000	1	Fn
Load	api-ms-win-appmodel-runtime-l1-1-2	base_address = 0x760c0000	1	Fn
Load	kernel32	base_address = 0x76870000	1	Fn
Load	api-ms-win-core-string-l1-1-0	base_address = 0x76510000	1	Fn
Load	api-ms-win-core-datetime-l1-1-1	base_address = 0x76510000	1	Fn
Load	api-ms-win-core-localization-obsolete-l1-2-0	base_address = 0x76510000	1	Fn
Load	api-ms-win-core-sysinfo-l1-2-1	base_address = 0x76510000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76870000	15	Fn
Get Handle	c:\users\ciihmnxmn6ps\desktop\twitchru.exe	base_address = 0x400000	2	Fn
Get Handle	c:\windows\syswow64\ntdll.dll	base_address = 0x76f90000	2	Fn
Get Handle	c:\windows\syswow64\advapi32.dll	base_address = 0x76040000	2	Fn
Get Filename	-	process_name = c:\users\ciihmnxmn6ps\desktop\twitchru.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe, size = 260	3	Fn
Get Filename	-	process_name = c:\users\ciihmnxmn6ps\desktop\twitchru.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe, size = 256	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x7688a330	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76887580	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76889910	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x7688f400	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x76fef190	10	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x76fea200	7	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76889680	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesA, address_out = 0x76896310	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileAttributesA, address_out = 0x76896500	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76893a30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x768964a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileA, address_out = 0x7688c510	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x768961a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32Next, address_out = 0x7688c8e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileA, address_out = 0x76896210	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileA, address_out = 0x76896270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x768961d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x768964f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76896920	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x76fe4f40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x7688fbc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x7688f6f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x768892b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32First, address_out = 0x7688ed60	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76897510	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76896590	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76896170	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x7688efc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x7688a390	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x7688a040	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x768962f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDriveStringsA, address_out = 0x768ae9a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76895f20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76896110	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x768b0960	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x7688a060	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileA, address_out = 0x7688c240	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleWindow, address_out = 0x768d6940	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x768875a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DuplicateHandle, address_out = 0x76895f30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObjectEx, address_out = 0x76896120	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x768877b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76882da0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x768875c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76881b90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeThread, address_out = 0x7688eed0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x76fd5e80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x76fd5e00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TryEnterCriticalSection, address_out = 0x76fe9070	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x76fe9920	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76882db0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76882d60	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76882dc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76882af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76896020	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x76895fa0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76889a70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76881ba0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76881da0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76889930	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76882b90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x768957f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76889660	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76887940	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76892230	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76889a40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x7688c800	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x768879b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76889fc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x768b28e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x7688a2c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76881d90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeSListHead, address_out = 0x76ff1fc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7688a790	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x7688a080	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateTimerQueue, address_out = 0x768b0ae0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEvent, address_out = 0x768960c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SignalObjectAndWait, address_out = 0x768b2850	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SwitchToThread, address_out = 0x76889f30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x76889700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadPriority, address_out = 0x76889490	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetThreadPriority, address_out = 0x768896a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x7688a550	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateTimerQueueTimer, address_out = 0x76894a00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ChangeTimerQueueTimer, address_out = 0x768b07c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteTimerQueueTimer, address_out = 0x76894a20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetNumaHighestNodeNumber, address_out = 0x7688a7e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessAffinityMask, address_out = 0x7688a220	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadAffinityMask, address_out = 0x7688e0e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RegisterWaitForSingleObject, address_out = 0x76889580	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnregisterWait, address_out = 0x7688ed20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetThreadTimes, address_out = 0x76889f80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x768898f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryAndExitThread, address_out = 0x7688a570	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76889560	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleA, address_out = 0x76889640	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76887920	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExW, address_out = 0x7688a2a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76888b70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76888c50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76888c70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReleaseSemaphore, address_out = 0x768960a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedPopEntrySList, address_out = 0x76fe8ef0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedPushEntrySList, address_out = 0x76fe8ed0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedFlushSList, address_out = 0x76ff1ee0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryDepthSList, address_out = 0x76fe98c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnregisterWaitEx, address_out = 0x7688eb50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x7688a0b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76889a80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76889ec0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x76fcda90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitThread, address_out = 0x76ff2570	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76889fa0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x768825e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x76fcbae0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x768974f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x7688a3c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x7688a4b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76888770	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76896390	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x7688a3f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76892350	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x7688f9e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x768962a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76896860	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76896870	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76896540	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76887910	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileExA, address_out = 0x76896220	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x7688a090	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x7688fd10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x7688a3b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x7688a0f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x768b2560	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x768b26a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x768968e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76896180	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x76e752a0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDeriveKey, address_out = 0x76075b70	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCreateKeyExA, address_out = 0x7605f510	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExA, address_out = 0x76060750	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x7605efa0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextA, address_out = 0x76060c00	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x76060ad0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyKey, address_out = 0x7605fc10	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x7605fbf0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegGetValueA, address_out = 0x76060da0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x7605f950	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x7605f930	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x76075bd0	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x74448040	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptDecodeObjectEx, address_out = 0x74434470	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptImportPublicKeyInfo, address_out = 0x7444de80	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptBinaryToStringA, address_out = 0x74422290	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = FlsSetValue, address_out = 0x765c3770	2	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = InitializeCriticalSectionEx, address_out = 0x765c3ae0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = FlsAlloc, address_out = 0x765c6530	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = FlsGetValue, address_out = 0x765ba7b0	2	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = LCMapStringEx, address_out = 0x765b3690	1	Fn
Get Address	c:\windows\syswow64\kernel.appcore.dll	function = AppPolicyGetThreadInitializationType, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x7688f9b0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = CompareStringEx, address_out = 0x765b4500	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = EnumSystemLocalesEx, address_out = 0x765ce350	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetDateFormatEx, address_out = 0x7661b710	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetLocaleInfoEx, address_out = 0x765ad3f0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetTimeFormatEx, address_out = 0x7661b9e0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetUserDefaultLocaleName, address_out = 0x765c2510	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = IsValidLocaleName, address_out = 0x765ac210	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = LCIDToLocaleName, address_out = 0x765c04a0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = LocaleNameToLCID, address_out = 0x765c64c0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = GetSystemTimePreciseAsFileTime, address_out = 0x765d08e0	1	Fn

Window (1)

Operation	Window Name	Additional Information	Success	Count	Logfile
Create	End	class_name = EndJoin, wndproc_parameter = 0		1	Fn

System (251)

Operation	Additional Information	Count	Logfile
Get Cursor	x_out = 864, y_out = 359	1	Fn
Get Time	type = Ticks, time = 57765	1	Fn
Get Time	type = Ticks, time = 57843	5	Fn
Get Time	type = Ticks, time = 57859	7	Fn
Get Time	type = Ticks, time = 57875	2	Fn
Get Time	type = Ticks, time = 57890	4	Fn
Get Time	type = Ticks, time = 57906	5	Fn
Get Time	type = Ticks, time = 57921	6	Fn
Get Time	type = Ticks, time = 57937	5	Fn
Get Time	type = Ticks, time = 57953	2	Fn
Get Time	type = Ticks, time = 57968	5	Fn
Get Time	type = Ticks, time = 57984	6	Fn
Get Time	type = Ticks, time = 58000	5	Fn
Get Time	type = Ticks, time = 58031	12	Fn
Get Time	type = Ticks, time = 58046	5	Fn
Get Time	type = Ticks, time = 58078	1	Fn
Get Time	type = Ticks, time = 58125	5	Fn
Get Time	type = Ticks, time = 58140	3	Fn
Get Time	type = Ticks, time = 58156	7	Fn
Get Time	type = Ticks, time = 58171	1	Fn
Get Time	type = Ticks, time = 58187	6	Fn
Get Time	type = Ticks, time = 58203	3	Fn
Get Time	type = Ticks, time = 58218	5	Fn
Get Time	type = Ticks, time = 58234	7	Fn
Get Time	type = Ticks, time = 58250	7	Fn
Get Time	type = Ticks, time = 58265	8	Fn
Get Time	type = Ticks, time = 58281	8	Fn
Get Time	type = Ticks, time = 58296	4	Fn
Get Time	type = Ticks, time = 58312	4	Fn
Get Time	type = Ticks, time = 58328	6	Fn
Get Time	type = Ticks, time = 58343	3	Fn
Get Time	type = Ticks, time = 58375	13	Fn
Get Time	type = Ticks, time = 58390	3	Fn
Get Time	type = Ticks, time = 58406	5	Fn
Get Time	type = Ticks, time = 58421	7	Fn
Get Time	type = Ticks, time = 58437	5	Fn
Get Time	type = Ticks, time = 58453	7	Fn
Get Time	type = Ticks, time = 58468	5	Fn
Get Time	type = Ticks, time = 58484	2	Fn
Get Time	type = Ticks, time = 58500	10	Fn
Get Time	type = Ticks, time = 58531	7	Fn
Get Time	type = Ticks, time = 58546	2	Fn
Get Time	type = Ticks, time = 58562	8	Fn
Get Time	type = Ticks, time = 58578	9	Fn
Get Time	type = Ticks, time = 58593	11	Fn
Get Time	type = Ticks, time = 58609	7	Fn
Get Time	type = System Time, time = 2018-12-06 10:46:08 (UTC)	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Process #9: cmd.exe

Information	Value
ID	#9
File Name	c:\windows\syswow64\cmd.exe
Command Line	cmd /c vssadmin delete shadows /all /quiet
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:03:50, Reason: Child Process
Unmonitor	End Time: 00:03:52, Reason: Self Terminated
Monitor Duration	00:00:02

OS Process Information

Information	Value
PID	0x36c
Parent PID	0x784 (c:\users\ciihmnxmn6ps\desktop\twitchru.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x B08 0x B0C

Region

Name	Start VA	End VA	Type	Permissions	Actions
cmd.exe	0x008c0000	0x0090ffff	Memory Mapped File	rwx	-
pagefile_0x0000000000ee0000	0x00ee0000	0x04edffff	Pagefile Backed Memory	-	-
private_0x0000000004ee0000	0x04ee0000	0x04efffff	Private Memory	rw	-
pagefile_0x0000000004ee0000	0x04ee0000	0x04eeffff	Pagefile Backed Memory	rw	-
private_0x0000000004ef0000	0x04ef0000	0x04ef3fff	Private Memory	rw	-
private_0x0000000004f00000	0x04f00000	0x04f01fff	Private Memory	rw	-
private_0x0000000004f00000	0x04f00000	0x04f03fff	Private Memory	rw	-
pagefile_0x0000000004f10000	0x04f10000	0x04f23fff	Pagefile Backed Memory	r	-
private_0x0000000004f30000	0x04f30000	0x04f6ffff	Private Memory	rw	-
private_0x0000000004f70000	0x04f70000	0x0506ffff	Private Memory	rw	-
pagefile_0x0000000005070000	0x05070000	0x05073fff	Pagefile Backed Memory	r	-
pagefile_0x0000000005080000	0x05080000	0x05080fff	Pagefile Backed Memory	r	-
private_0x0000000005090000	0x05090000	0x05091fff	Private Memory	rw	-
locale.nls	0x050a0000	0x0515dfff	Memory Mapped File	r	-
private_0x0000000005160000	0x05160000	0x0519ffff	Private Memory	rw	-
private_0x00000000051a0000	0x051a0000	0x051affff	Private Memory	rw	-
private_0x00000000051b0000	0x051b0000	0x052affff	Private Memory	rw	-
private_0x0000000005340000	0x05340000	0x0543ffff	Private Memory	rw	-
private_0x0000000005530000	0x05530000	0x0553ffff	Private Memory	rw	-
sortdefault.nls	0x05540000	0x05876fff	Memory Mapped File	r	-
wow64win.dll	0x716e0000	0x71752fff	Memory Mapped File	rwx	-
wow64cpu.dll	0x71760000	0x71767fff	Memory Mapped File	rwx	-
wow64.dll	0x71770000	0x717befff	Memory Mapped File	rwx	-
msvcrt.dll	0x75e40000	0x75efdfff	Memory Mapped File	rwx	-
kernelbase.dll	0x76510000	0x76685fff	Memory Mapped File	rwx	-
kernel32.dll	0x76870000	0x7695ffff	Memory Mapped File	rwx	-
ntdll.dll	0x76f90000	0x77108fff	Memory Mapped File	rwx	-
pagefile_0x000000007ea40000	0x7ea40000	0x7eb3ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007eb40000	0x7eb40000	0x7eb62fff	Pagefile Backed Memory	r	-
private_0x000000007eb67000	0x7eb67000	0x7eb67fff	Private Memory	rw	-
private_0x000000007eb69000	0x7eb69000	0x7eb6bfff	Private Memory	rw	-
private_0x000000007eb6c000	0x7eb6c000	0x7eb6cfff	Private Memory	rw	-
private_0x000000007eb6d000	0x7eb6d000	0x7eb6ffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7dfa4d88ffff	Private Memory	r	-
pagefile_0x00007dfa4d890000	0x7dfa4d890000	0x7ffa4d88ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7ffa4d890000	0x7ffa4da51fff	Memory Mapped File	rwx	-
private_0x00007ffa4da52000	0x7ffa4da52000	0x7ffffffeffff	Private Memory	r	-

Host Behavior

File (10)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Windows\system32	type = file_attributes	1	Fn
Get Info	C:\Windows\System32	type = file_attributes	1	Fn
Open	STD_OUTPUT_HANDLE	-	5	Fn
Open	STD_INPUT_HANDLE	-	3	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 117, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Windows\system32\vssadmin.exe	os_pid = 0x860, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\syswow64\cmd.exe	base_address = 0x8c0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76870000	2	Fn
Get Filename	-	process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadUILanguage, address_out = 0x768b2780	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileExW, address_out = 0x7688fa80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7688a790	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x766235c0	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Windows\System32	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000002	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #10: vssadmin.exe

Information	Value
ID	#10
File Name	c:\windows\syswow64\vssadmin.exe
Command Line	vssadmin delete shadows /all /quiet
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:03:50, Reason: Child Process
Unmonitor	End Time: 00:03:52, Reason: Self Terminated
Monitor Duration	00:00:02
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x860
Parent PID	0x36c (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 744 0x 8B0 0x B04 0x B18 0x 888

Region

Name	Start VA	End VA	Type	Permissions	Actions
vssadmin.exe	0x002c0000	0x002ddfff	Memory Mapped File	rwx	-
pagefile_0x00000000006b0000	0x006b0000	0x046affff	Pagefile Backed Memory	-	-
private_0x00000000046b0000	0x046b0000	0x046cffff	Private Memory	rw	-
pagefile_0x00000000046b0000	0x046b0000	0x046bffff	Pagefile Backed Memory	rw	-
private_0x00000000046c0000	0x046c0000	0x046c3fff	Private Memory	rw	-
private_0x00000000046d0000	0x046d0000	0x046d1fff	Private Memory	rw	-
vssadmin.exe.mui	0x046d0000	0x046dcfff	Memory Mapped File	r	-
pagefile_0x00000000046e0000	0x046e0000	0x046f3fff	Pagefile Backed Memory	r	-
private_0x0000000004700000	0x04700000	0x0473ffff	Private Memory	rw	-
private_0x0000000004740000	0x04740000	0x0477ffff	Private Memory	rw	-
pagefile_0x0000000004780000	0x04780000	0x04783fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004790000	0x04790000	0x04790fff	Pagefile Backed Memory	r	-
private_0x00000000047a0000	0x047a0000	0x047a1fff	Private Memory	rw	-
locale.nls	0x047b0000	0x0486dfff	Memory Mapped File	r	-
private_0x0000000004870000	0x04870000	0x04870fff	Private Memory	rw	-
private_0x0000000004880000	0x04880000	0x0488ffff	Private Memory	rw	-
private_0x0000000004890000	0x04890000	0x0489ffff	Private Memory	rw	-
private_0x00000000048a0000	0x048a0000	0x0499ffff	Private Memory	rw	-
private_0x00000000049a0000	0x049a0000	0x049dffff	Private Memory	rw	-
private_0x00000000049e0000	0x049e0000	0x04a1ffff	Private Memory	rw	-
pagefile_0x0000000004a20000	0x04a20000	0x04ba7fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004bb0000	0x04bb0000	0x04d30fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004d40000	0x04d40000	0x0613ffff	Pagefile Backed Memory	r	-
private_0x0000000006140000	0x06140000	0x06140fff	Private Memory	rw	-
private_0x0000000006150000	0x06150000	0x06153fff	Private Memory	rw	-
pagefile_0x0000000006160000	0x06160000	0x06160fff	Pagefile Backed Memory	r	-
pagefile_0x0000000006170000	0x06170000	0x06170fff	Pagefile Backed Memory	r	-
wow64win.dll	0x716e0000	0x71752fff	Memory Mapped File	rwx	-
wow64cpu.dll	0x71760000	0x71767fff	Memory Mapped File	rwx	-
wow64.dll	0x71770000	0x717befff	Memory Mapped File	rwx	-
vssapi.dll	0x73860000	0x7397afff	Memory Mapped File	rwx	-
rsaenh.dll	0x73a20000	0x73a4efff	Memory Mapped File	rwx	-
cryptsp.dll	0x73a50000	0x73a62fff	Memory Mapped File	rwx	-
vsstrace.dll	0x73a70000	0x73a80fff	Memory Mapped File	rwx	-
atl.dll	0x73a90000	0x73aa7fff	Memory Mapped File	rwx	-
bcrypt.dll	0x73d90000	0x73daafff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74030000	0x74088fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74090000	0x74099fff	Memory Mapped File	rwx	-
sspicli.dll	0x740a0000	0x740bdfff	Memory Mapped File	rwx	-
gdi32.dll	0x740e0000	0x7422cfff	Memory Mapped File	rwx	-
combase.dll	0x74230000	0x743e9fff	Memory Mapped File	rwx	-
sechost.dll	0x74580000	0x745c2fff	Memory Mapped File	rwx	-
msctf.dll	0x745d0000	0x746effff	Memory Mapped File	rwx	-
imm32.dll	0x74740000	0x7476afff	Memory Mapped File	rwx	-
nsi.dll	0x75c80000	0x75c86fff	Memory Mapped File	rwx	-
msvcrt.dll	0x75e40000	0x75efdfff	Memory Mapped File	rwx	-
shlwapi.dll	0x75ff0000	0x76033fff	Memory Mapped File	rwx	-
advapi32.dll	0x76040000	0x760bafff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x760c0000	0x760cbfff	Memory Mapped File	rwx	-
oleaut32.dll	0x761e0000	0x76271fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x762d0000	0x7637bfff	Memory Mapped File	rwx	-
clbcatq.dll	0x76380000	0x76401fff	Memory Mapped File	rwx	-
kernelbase.dll	0x76510000	0x76685fff	Memory Mapped File	rwx	-
ws2_32.dll	0x766a0000	0x766fbfff	Memory Mapped File	rwx	-
kernel32.dll	0x76870000	0x7695ffff	Memory Mapped File	rwx	-
user32.dll	0x76e40000	0x76f7ffff	Memory Mapped File	rwx	-
ntdll.dll	0x76f90000	0x77108fff	Memory Mapped File	rwx	-
pagefile_0x000000007e7e0000	0x7e7e0000	0x7e8dffff	Pagefile Backed Memory	r	-
pagefile_0x000000007e8e0000	0x7e8e0000	0x7e902fff	Pagefile Backed Memory	r	-
private_0x000000007e906000	0x7e906000	0x7e908fff	Private Memory	rw	-
private_0x000000007e909000	0x7e909000	0x7e909fff	Private Memory	rw	-
private_0x000000007e90c000	0x7e90c000	0x7e90efff	Private Memory	rw	-
private_0x000000007e90f000	0x7e90f000	0x7e90ffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7dfa4d88ffff	Private Memory	r	-
pagefile_0x00007dfa4d890000	0x7dfa4d890000	0x7ffa4d88ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7ffa4d890000	0x7ffa4da51fff	Memory Mapped File	rwx	-
private_0x00007ffa4da52000	0x7ffa4da52000	0x7ffffffeffff	Private Memory	r	-

Process #11: twitchru.exe

Information	Value
ID	#11
File Name	c:\users\ciihmnxmn6ps\desktop\twitchru.exe
Command Line	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"
Initial Working Directory	C:\Windows\
Monitor	Start Time: 00:04:39, Reason: Child Process
Unmonitor	End Time: 00:04:50, Reason: Self Terminated
Monitor Duration	00:00:11
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xad0
Parent PID	0x784 (c:\users\ciihmnxmn6ps\desktop\twitchru.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	-

Process #12: werfault.exe

Information	Value
ID	#12
File Name	c:\windows\syswow64\werfault.exe
Command Line	C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 23928
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:04:42, Reason: Child Process
Unmonitor	End Time: 00:04:48, Reason: Self Terminated
Monitor Duration	00:00:06
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xabc
Parent PID	0x784 (c:\users\ciihmnxmn6ps\desktop\twitchru.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x A98 0x A38 0x BFC 0x AF0 0x B2C 0x 7A0 0x 7A8 0x 7A4 0x 7B0

Region

Name	Start VA	End VA	Type	Permissions	Actions
werfault.exe	0x00140000	0x00182fff	Memory Mapped File	rwx	-
pagefile_0x0000000000380000	0x00380000	0x0437ffff	Pagefile Backed Memory	-	-
private_0x0000000004380000	0x04380000	0x0439ffff	Private Memory	rw	-
pagefile_0x0000000004380000	0x04380000	0x0438ffff	Pagefile Backed Memory	rw	-
private_0x0000000004390000	0x04390000	0x04393fff	Private Memory	rw	-
private_0x00000000043a0000	0x043a0000	0x043a0fff	Private Memory	rw	-
private_0x00000000043a0000	0x043a0000	0x043a3fff	Private Memory	rw	-
pagefile_0x00000000043b0000	0x043b0000	0x043c3fff	Pagefile Backed Memory	r	-
private_0x00000000043d0000	0x043d0000	0x0440ffff	Private Memory	rw	-
private_0x0000000004410000	0x04410000	0x0444ffff	Private Memory	rw	-
pagefile_0x0000000004450000	0x04450000	0x04453fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004460000	0x04460000	0x04462fff	Pagefile Backed Memory	r	-
private_0x0000000004470000	0x04470000	0x04471fff	Private Memory	rw	-
locale.nls	0x04480000	0x0453dfff	Memory Mapped File	r	-
private_0x0000000004540000	0x04540000	0x0457ffff	Private Memory	rw	-
werfault.exe.mui	0x04580000	0x04583fff	Memory Mapped File	r	-
private_0x0000000004590000	0x04590000	0x04590fff	Private Memory	rw	-
private_0x00000000045a0000	0x045a0000	0x045affff	Private Memory	rw	-
private_0x00000000045b0000	0x045b0000	0x045effff	Private Memory	rw	-
private_0x00000000045f0000	0x045f0000	0x045f0fff	Private Memory	rw	-
pagefile_0x0000000004600000	0x04600000	0x04600fff	Pagefile Backed Memory	rw	-
private_0x0000000004610000	0x04610000	0x04610fff	Private Memory	rw	-
private_0x0000000004620000	0x04620000	0x0471ffff	Private Memory	rw	-
private_0x0000000004720000	0x04720000	0x0475ffff	Private Memory	rw	-
private_0x0000000004760000	0x04760000	0x0479ffff	Private Memory	rw	-
faultrep.dll.mui	0x047a0000	0x047a1fff	Memory Mapped File	r	-
private_0x00000000047b0000	0x047b0000	0x047b0fff	Private Memory	rw	-
wer.dll.mui	0x047c0000	0x047c2fff	Memory Mapped File	r	-
private_0x00000000047d0000	0x047d0000	0x047d3fff	Private Memory	rw	-
pagefile_0x00000000047e0000	0x047e0000	0x047e1fff	Pagefile Backed Memory	r	-
pagefile_0x00000000047f0000	0x047f0000	0x047f1fff	Pagefile Backed Memory	r	-
werui.dll.mui	0x04800000	0x04804fff	Memory Mapped File	r	-
pagefile_0x0000000004810000	0x04810000	0x04811fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004820000	0x04820000	0x04820fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004830000	0x04830000	0x04831fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004840000	0x04840000	0x04843fff	Pagefile Backed Memory	r	-
private_0x0000000004850000	0x04850000	0x0485ffff	Private Memory	rw	-
private_0x0000000004860000	0x04860000	0x0486ffff	Private Memory	rw	-
pagefile_0x0000000004870000	0x04870000	0x049f7fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004a00000	0x04a00000	0x04b80fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004b90000	0x04b90000	0x05f8ffff	Pagefile Backed Memory	r	-
private_0x0000000005f90000	0x05f90000	0x0600ffff	Private Memory	rw	-
private_0x0000000006010000	0x06010000	0x0604ffff	Private Memory	rw	-
private_0x0000000006050000	0x06050000	0x0608ffff	Private Memory	rw	-
private_0x0000000006090000	0x06090000	0x060cffff	Private Memory	rw	-
private_0x00000000060d0000	0x060d0000	0x060dffff	Private Memory	rw	-
sortdefault.nls	0x060e0000	0x06416fff	Memory Mapped File	r	-
private_0x0000000006420000	0x06420000	0x0651ffff	Private Memory	rw	-
private_0x0000000006520000	0x06520000	0x0661ffff	Private Memory	rw	-
private_0x0000000006620000	0x06620000	0x0671ffff	Private Memory	rw	-
kernelbase.dll.mui	0x06720000	0x067fefff	Memory Mapped File	r	-
private_0x0000000006800000	0x06800000	0x068fffff	Private Memory	rw	-
private_0x0000000006900000	0x06900000	0x0693ffff	Private Memory	rw	-
private_0x0000000006940000	0x06940000	0x0697ffff	Private Memory	rw	-
private_0x0000000006980000	0x06980000	0x069bffff	Private Memory	rw	-
private_0x00000000069c0000	0x069c0000	0x069fffff	Private Memory	rw	-
private_0x0000000006a00000	0x06a00000	0x06a3ffff	Private Memory	rw	-
private_0x0000000006a40000	0x06a40000	0x06a7ffff	Private Memory	rw	-
private_0x0000000006a80000	0x06a80000	0x06abffff	Private Memory	rw	-
pagefile_0x0000000006ac0000	0x06ac0000	0x06b77fff	Pagefile Backed Memory	r	-
user32.dll.mui	0x06b80000	0x06b84fff	Memory Mapped File	r	-
private_0x0000000006b90000	0x06b90000	0x06b93fff	Private Memory	rw	-
duser.dll.mui	0x06ba0000	0x06ba0fff	Memory Mapped File	r	-
wow64win.dll	0x716e0000	0x71752fff	Memory Mapped File	rwx	-
wow64cpu.dll	0x71760000	0x71767fff	Memory Mapped File	rwx	-
wow64.dll	0x71770000	0x717befff	Memory Mapped File	rwx	-
dbgmodel.dll	0x732c0000	0x73327fff	Memory Mapped File	rwx	-
xmllite.dll	0x73330000	0x7335cfff	Memory Mapped File	rwx	-
dbgeng.dll	0x73360000	0x7374afff	Memory Mapped File	rwx	-
atlthunk.dll	0x733d0000	0x733dcfff	Memory Mapped File	rwx	-
xmllite.dll	0x733e0000	0x7340cfff	Memory Mapped File	rwx	-
msls31.dll	0x73410000	0x7343cfff	Memory Mapped File	rwx	-
usp10.dll	0x73440000	0x73455fff	Memory Mapped File	rwx	-
riched20.dll	0x73460000	0x734e0fff	Memory Mapped File	rwx	-
duser.dll	0x734f0000	0x73569fff	Memory Mapped File	rwx	-
dui70.dll	0x73570000	0x736d6fff	Memory Mapped File	rwx	-
werui.dll	0x736e0000	0x73743fff	Memory Mapped File	rwx	-
faultrep.dll	0x73750000	0x737a2fff	Memory Mapped File	rwx	-
dbghelp.dll	0x737b0000	0x738eefff	Memory Mapped File	rwx	-
wer.dll	0x738f0000	0x73974fff	Memory Mapped File	rwx	-
dwmapi.dll	0x73980000	0x7399cfff	Memory Mapped File	rwx	-
secur32.dll	0x739a0000	0x739a9fff	Memory Mapped File	rwx	-
dbgcore.dll	0x739b0000	0x739d0fff	Memory Mapped File	rwx	-
devobj.dll	0x739e0000	0x73a00fff	Memory Mapped File	rwx	-
ntmarta.dll	0x73a10000	0x73a37fff	Memory Mapped File	rwx	-
rsaenh.dll	0x73a60000	0x73a8efff	Memory Mapped File	rwx	-
cryptsp.dll	0x73a90000	0x73aa2fff	Memory Mapped File	rwx	-
comctl32.dll	0x73b00000	0x73d08fff	Memory Mapped File	rwx	-
uxtheme.dll	0x73d10000	0x73d84fff	Memory Mapped File	rwx	-
bcrypt.dll	0x73d90000	0x73daafff	Memory Mapped File	rwx	-
version.dll	0x73f80000	0x73f87fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74030000	0x74088fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74090000	0x74099fff	Memory Mapped File	rwx	-
sspicli.dll	0x740a0000	0x740bdfff	Memory Mapped File	rwx	-
gdi32.dll	0x740e0000	0x7422cfff	Memory Mapped File	rwx	-
combase.dll	0x74230000	0x743e9fff	Memory Mapped File	rwx	-
sechost.dll	0x74580000	0x745c2fff	Memory Mapped File	rwx	-
msctf.dll	0x745d0000	0x746effff	Memory Mapped File	rwx	-
powrprof.dll	0x746f0000	0x74733fff	Memory Mapped File	rwx	-
imm32.dll	0x74740000	0x7476afff	Memory Mapped File	rwx	-
shell32.dll	0x747d0000	0x75b8efff	Memory Mapped File	rwx	-
shcore.dll	0x75b90000	0x75c1cfff	Memory Mapped File	rwx	-
msvcrt.dll	0x75e40000	0x75efdfff	Memory Mapped File	rwx	-
ole32.dll	0x75f00000	0x75fe9fff	Memory Mapped File	rwx	-
shlwapi.dll	0x75ff0000	0x76033fff	Memory Mapped File	rwx	-
advapi32.dll	0x76040000	0x760bafff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x760c0000	0x760cbfff	Memory Mapped File	rwx	-
oleaut32.dll	0x761e0000	0x76271fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x762d0000	0x7637bfff	Memory Mapped File	rwx	-
clbcatq.dll	0x76380000	0x76401fff	Memory Mapped File	rwx	-
cfgmgr32.dll	0x76410000	0x76445fff	Memory Mapped File	rwx	-
kernelbase.dll	0x76510000	0x76685fff	Memory Mapped File	rwx	-
profapi.dll	0x76690000	0x7669efff	Memory Mapped File	rwx	-
kernel32.dll	0x76870000	0x7695ffff	Memory Mapped File	rwx	-
windows.storage.dll	0x76960000	0x76e3cfff	Memory Mapped File	rwx	-
user32.dll	0x76e40000	0x76f7ffff	Memory Mapped File	rwx	-
ntdll.dll	0x76f90000	0x77108fff	Memory Mapped File	rwx	-
private_0x000000007e621000	0x7e621000	0x7e623fff	Private Memory	rw	-
private_0x000000007e624000	0x7e624000	0x7e626fff	Private Memory	rw	-
private_0x000000007e627000	0x7e627000	0x7e629fff	Private Memory	rw	-
private_0x000000007e62a000	0x7e62a000	0x7e62cfff	Private Memory	rw	-
private_0x000000007e62d000	0x7e62d000	0x7e62ffff	Private Memory	rw	-
pagefile_0x000000007e630000	0x7e630000	0x7e72ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007e730000	0x7e730000	0x7e752fff	Pagefile Backed Memory	r	-
private_0x000000007e753000	0x7e753000	0x7e755fff	Private Memory	rw	-
private_0x000000007e756000	0x7e756000	0x7e758fff	Private Memory	rw	-
private_0x000000007e759000	0x7e759000	0x7e759fff	Private Memory	rw	-
private_0x000000007e75c000	0x7e75c000	0x7e75efff	Private Memory	rw	-
private_0x000000007e75f000	0x7e75f000	0x7e75ffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7dfa4d88ffff	Private Memory	r	-
pagefile_0x00007dfa4d890000	0x7dfa4d890000	0x7ffa4d88ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7ffa4d890000	0x7ffa4da51fff	Memory Mapped File	rwx	-
private_0x00007ffa4da52000	0x7ffa4da52000	0x7ffffffeffff	Private Memory	r	-

Process #13: werfault.exe

Information	Value
ID	#13
File Name	c:\windows\syswow64\werfault.exe
Command Line	C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 592
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:04:47, Reason: Child Process
Unmonitor	End Time: 00:04:51, Reason: Self Terminated
Monitor Duration	00:00:04
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x9d8
Parent PID	0x784 (c:\users\ciihmnxmn6ps\desktop\twitchru.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 690 0x 438 0x 77C 0x 790 0x 9D0 0x 2E0 0x 40 0x 558

Region

Name	Start VA	End VA	Type	Permissions	Actions
werfault.exe	0x00140000	0x00182fff	Memory Mapped File	rwx	-
pagefile_0x00000000004e0000	0x004e0000	0x044dffff	Pagefile Backed Memory	-	-
private_0x00000000044e0000	0x044e0000	0x044fffff	Private Memory	rw	-
pagefile_0x00000000044e0000	0x044e0000	0x044effff	Pagefile Backed Memory	rw	-
private_0x00000000044f0000	0x044f0000	0x044f3fff	Private Memory	rw	-
private_0x0000000004500000	0x04500000	0x04500fff	Private Memory	rw	-
private_0x0000000004500000	0x04500000	0x04503fff	Private Memory	rw	-
pagefile_0x0000000004510000	0x04510000	0x04523fff	Pagefile Backed Memory	r	-
private_0x0000000004530000	0x04530000	0x0456ffff	Private Memory	rw	-
private_0x0000000004570000	0x04570000	0x045affff	Private Memory	rw	-
pagefile_0x00000000045b0000	0x045b0000	0x045b3fff	Pagefile Backed Memory	r	-
pagefile_0x00000000045c0000	0x045c0000	0x045c2fff	Pagefile Backed Memory	r	-
private_0x00000000045d0000	0x045d0000	0x045d1fff	Private Memory	rw	-
private_0x00000000045e0000	0x045e0000	0x0461ffff	Private Memory	rw	-
private_0x0000000004620000	0x04620000	0x0465ffff	Private Memory	rw	-
werfault.exe.mui	0x04660000	0x04663fff	Memory Mapped File	r	-
private_0x0000000004670000	0x04670000	0x0467ffff	Private Memory	rw	-
locale.nls	0x04680000	0x0473dfff	Memory Mapped File	r	-
private_0x0000000004740000	0x04740000	0x04740fff	Private Memory	rw	-
private_0x0000000004750000	0x04750000	0x0484ffff	Private Memory	rw	-
private_0x0000000004850000	0x04850000	0x04850fff	Private Memory	rw	-
pagefile_0x0000000004860000	0x04860000	0x04860fff	Pagefile Backed Memory	rw	-
private_0x0000000004870000	0x04870000	0x04870fff	Private Memory	rw	-
faultrep.dll.mui	0x04880000	0x04881fff	Memory Mapped File	r	-
private_0x0000000004930000	0x04930000	0x0493ffff	Private Memory	rw	-
private_0x0000000004940000	0x04940000	0x0494ffff	Private Memory	rw	-
pagefile_0x0000000004950000	0x04950000	0x04ad7fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004ae0000	0x04ae0000	0x04c60fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004c70000	0x04c70000	0x0606ffff	Pagefile Backed Memory	r	-
private_0x0000000006070000	0x06070000	0x060effff	Private Memory	rw	-
private_0x00000000061f0000	0x061f0000	0x061fffff	Private Memory	rw	-
sortdefault.nls	0x06200000	0x06536fff	Memory Mapped File	r	-
wow64win.dll	0x716e0000	0x71752fff	Memory Mapped File	rwx	-
wow64cpu.dll	0x71760000	0x71767fff	Memory Mapped File	rwx	-
wow64.dll	0x71770000	0x717befff	Memory Mapped File	rwx	-
xmllite.dll	0x732c0000	0x732ecfff	Memory Mapped File	rwx	-
dbgmodel.dll	0x732f0000	0x73357fff	Memory Mapped File	rwx	-
dbgeng.dll	0x73360000	0x7374afff	Memory Mapped File	rwx	-
faultrep.dll	0x73750000	0x737a2fff	Memory Mapped File	rwx	-
dbghelp.dll	0x737b0000	0x738eefff	Memory Mapped File	rwx	-
wer.dll	0x738f0000	0x73974fff	Memory Mapped File	rwx	-
dbgcore.dll	0x739b0000	0x739d0fff	Memory Mapped File	rwx	-
devobj.dll	0x739e0000	0x73a00fff	Memory Mapped File	rwx	-
uxtheme.dll	0x73d10000	0x73d84fff	Memory Mapped File	rwx	-
bcrypt.dll	0x73d90000	0x73daafff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74030000	0x74088fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74090000	0x74099fff	Memory Mapped File	rwx	-
sspicli.dll	0x740a0000	0x740bdfff	Memory Mapped File	rwx	-
gdi32.dll	0x740e0000	0x7422cfff	Memory Mapped File	rwx	-
combase.dll	0x74230000	0x743e9fff	Memory Mapped File	rwx	-
sechost.dll	0x74580000	0x745c2fff	Memory Mapped File	rwx	-
msctf.dll	0x745d0000	0x746effff	Memory Mapped File	rwx	-
imm32.dll	0x74740000	0x7476afff	Memory Mapped File	rwx	-
shcore.dll	0x75b90000	0x75c1cfff	Memory Mapped File	rwx	-
msvcrt.dll	0x75e40000	0x75efdfff	Memory Mapped File	rwx	-
advapi32.dll	0x76040000	0x760bafff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x760c0000	0x760cbfff	Memory Mapped File	rwx	-
oleaut32.dll	0x761e0000	0x76271fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x762d0000	0x7637bfff	Memory Mapped File	rwx	-
cfgmgr32.dll	0x76410000	0x76445fff	Memory Mapped File	rwx	-
kernelbase.dll	0x76510000	0x76685fff	Memory Mapped File	rwx	-
kernel32.dll	0x76870000	0x7695ffff	Memory Mapped File	rwx	-
user32.dll	0x76e40000	0x76f7ffff	Memory Mapped File	rwx	-
ntdll.dll	0x76f90000	0x77108fff	Memory Mapped File	rwx	-
pagefile_0x000000007eba0000	0x7eba0000	0x7ec9ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007eca0000	0x7eca0000	0x7ecc2fff	Pagefile Backed Memory	r	-
private_0x000000007ecc7000	0x7ecc7000	0x7ecc7fff	Private Memory	rw	-
private_0x000000007ecc8000	0x7ecc8000	0x7eccafff	Private Memory	rw	-
private_0x000000007eccb000	0x7eccb000	0x7eccbfff	Private Memory	rw	-
private_0x000000007eccd000	0x7eccd000	0x7eccffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7dfa4d88ffff	Private Memory	r	-
pagefile_0x00007dfa4d890000	0x7dfa4d890000	0x7ffa4d88ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7ffa4d890000	0x7ffa4da51fff	Memory Mapped File	rwx	-
private_0x00007ffa4da52000	0x7ffa4da52000	0x7ffffffeffff	Private Memory	r	-

Process #14: twitchru.exe

Information	Value
ID	#14
File Name	c:\users\ciihmnxmn6ps\desktop\twitchru.exe
Command Line	"C:\Users\CIiHmnxMn6Ps\Desktop\twitchru.exe"
Initial Working Directory	C:\Windows\
Monitor	Start Time: 00:04:48, Reason: Child Process
Unmonitor	End Time: 00:04:50, Reason: Self Terminated
Monitor Duration	00:00:02
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x55c
Parent PID	0x784 (c:\users\ciihmnxmn6ps\desktop\twitchru.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	-

Notifications (2/4)

Monitored Processes

Behavior Information - Grouped by Category

Before

After