2ed61007...4b9b

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0x978	Analysis Target	High (Elevated)	greencrypt_crypt.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe"	-
#2	0x3b0	Child Process	High (Elevated)	nslookup.exe	"C:\Windows\system32\nslookup.exe"	#1
#4	0x844	Child Process	Medium	nslookup.exe	"C:\Windows\SysWOW64\nslookup.exe"	#2
#5	0x62c	Child Process	High (Elevated)	cmd.exe	"C:\Windows\system32\cmd.exe"	#2
#6	0x780	Child Process	High (Elevated)	cmd.exe	"C:\Windows\system32\cmd.exe"	#2
#7	0x320	Child Process	High (Elevated)	vssadmin.exe	vssadmin delete shadows /all /quiet	#5
#8	0x7ac	Child Process	High (Elevated)	netsh.exe	netsh advfirewall set currentprofile state off	#6
#9	0x8a8	RPC Server	System (Elevated)	vssvc.exe	C:\Windows\system32\vssvc.exe	#7

Behavior Information - Grouped by Category

Process #1: greencrypt_crypt.exe

21244

Information	Value
ID	#1
File Name	c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe"
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:30, Reason: Analysis Target
Unmonitor	End Time: 00:03:33, Reason: Self Terminated
Monitor Duration	00:03:03

OS Process Information

Information	Value
PID	0x978
Parent PID	0x45c (c:\windows\explorer.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 97C 0x 988 0x A08 0x A0C

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
greencrypt_crypt.exe	0x00400000	0x0042DFFF	Relevant Image	-	32-bit	-	... Region Actions Download Dump
buffer	0x003C0000	0x003C0FFF	First Execution	-	32-bit	0x003C0000	... Region Actions Download Dump
buffer	0x03090000	0x03090FFF	First Execution	-	32-bit	0x03090855	... Region Actions Download Dump
buffer	0x030A0000	0x030A6FFF	Marked Executable	-	32-bit	0x030A2000, 0x030A1120	... Region Actions Download Dump
buffer	0x00300000	0x00308FFF	First Execution	-	32-bit	0x00302160, 0x00301000, ...	... Region Actions Download Dump
greencrypt_crypt.exe	0x00400000	0x0042DFFF	Process Termination	-	32-bit	-	... Region Actions Download Dump

Dropped Files

Filename	File Size	Hash Values	Actions
C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\Splash.dll	4.00 KB	MD5: 3f35f73787f0c3bb5e59445fb18ade0d SHA1: f1566faff96c3988cfc28dc7d433094b6348cdbf SHA256: 5570969d22a33c23b60c5f5536f781219e458a869b77b8dde4a94cc124ee4de6 SSDeep: 48:6uzHiZC6Qgai4KATvs4W2//2J1etWgIWUlOyBU+Y:z7lgai49TkfStWrWUU+Y	... File Actions Show Properties Download
C:\Users\5P5NRG~1\AppData\Local\Temp\InAppPickerConfirmationControl.xbf	2.71 KB	MD5: b77c3743c22a8b4f0d2f8982db8878dc SHA1: 68373ccb124a0cad84e020fe605ab1144eb93637 SHA256: 720496893e60361a3fa0e69a50c05175aea51f1b39eee8c2810ed385d48c2119 SSDeep: 48:KO/AfCrVzDvShfrq3a3NCrWr/nnhAr3LKRKDNnV93U6WVNJwYEE:KOoe9ahDAwNl/CHJn/3WVbwa	... File Actions Show Properties Download
C:\Users\5P5NRG~1\AppData\Local\Temp\Animate_loop.64.png	2.11 KB	MD5: 6be2b30c4cdb6c7bc9506ecd9c816572 SHA1: 2089603ca1978b73b117c486358c569e0e642fd7 SHA256: 59826595ad60c73ae576fb453f0b92d602ef1425601eabd9dfbf5b6e8c9ba5d2 SSDeep: 48:Z414beo2ICuaUqQZIs7bEB8uGOKoSDnH3EsPIm0Rmm5U32NbutMefsol:Zyo26aUqhs7wuOKtD0sPIFIYm2Nbor	... File Actions Show Properties Download
C:\Users\5P5NRG~1\AppData\Local\Temp\config.def	14.37 KB	MD5: e620b8105a99864caeb075a2041772b0 SHA1: 551343b0af92f5bb75b6cf0818c418bfb9f086ef SHA256: acfca1c34e68bbea4b7f514cbc42e4f192fb8311df3d819291e39fc69979c570 SSDeep: 384:33H3V2g5ArRKU4BdCAcQkXhxvOr7UzCuOlfQXYzDY4kgosQCjttE:cn4BfoxJfjQTttE	... File Actions Show Properties Download
C:\Users\5P5NRG~1\AppData\Local\Temp\Rhizome	181.86 KB	MD5: 51df84688e96158332bec031fb4648be SHA1: a2e525f3b5fd9df5ffa47de46d62c25355940eb7 SHA256: e02342f90d1f2afe64cf1d5cb3d5ff3e2a793a3a7c7825d273b9234bca67201e SSDeep: 3072:HqeO3H6J+jysYy/1dKD/MjHCXxuPTCVxBqQSl4F+9BKW5WctyrlsFqlxc0cs:HqeUaJ+jp1oLMjUlnqD2+9v5WctQj	... File Actions Show Properties Download
C:\Users\5P5NRG~1\AppData\Local\Temp\carls.dll	21.50 KB	MD5: f6aa0522c160e2d769983041447e1f4f SHA1: a68742f9a2e7762cb56aeb9b9f3aa9cb6d060a31 SHA256: 93eeb622f7772cacea204e59db942966caadfa1d2ad365f2a54b10decd9e8d91 SSDeep: 384:x+2ydTl6rVQTq028FfUUnmlMxyFdVWxIv+k2ODqsbV9/W:FydTl65QTS8Lr6VWyv+k28qs5	... File Actions Show Properties Download
C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\System.dll	11.50 KB	MD5: fbe295e5a1acfbd0a6271898f885fe6a SHA1: d6d205922e61635472efb13c2bb92c9ac6cb96da SHA256: a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1 SSDeep: 192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\windows\win.ini	517 bytes	MD5: 4ae3c4cd61892ced256b76dff396cc86 SHA1: f5912b256ab8e763c94139ef8b3b6fa0b25e49c4 SHA256: 7b86c66f561513e4576306edfd2ca9477e7b944f823ecb1e007cf5e2b6c1e635 SSDeep: 12:F4Yv65dpMv4Fblu0N5ZSESow4CwgbteESAd:F3OxP5ZY4CztIAd		... File Actions Show Properties Download

Host Behavior

File (239)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_TEMPORARY, FILE_FLAG_DELETE_ON_CLOSE	1	Fn
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\InAppPickerConfirmationControl.xbf	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\Animate_loop.64.png	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\config.def	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\Rhizome	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\carls.dll	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\System.dll	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\System.dll	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ	4	Fn
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\Splash.dll	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	Rhizome	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_DIRECTORY, FILE_ATTRIBUTE_DEVICE, share_mode = FILE_SHARE_READ	1	Fn
Create	Rhizome	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_DIRECTORY, FILE_ATTRIBUTE_DEVICE, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\ntdll.dll	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\ntdll.dll	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\wow64cpu.dll	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\	-	1	Fn
Create Directory	C:\Users	-	3	Fn
Create Directory	C:\Users\5P5NRG~1	-	3	Fn
Create Directory	C:\Users\5P5NRG~1\AppData	-	3	Fn
Create Directory	C:\Users\5P5NRG~1\AppData\Local	-	3	Fn
Create Directory	C:\Users\5P5NRG~1\AppData\Local\Temp	-	3	Fn
Create Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp	-	1	Fn
Create Temp File	C:\Users\5P5NRG~1\AppData\Local\Temp\nsx9655.tmp	path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = nsx	1	Fn
Create Temp File	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = nsn	1	Fn
Create Temp File	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp	path = C:\Users\5P5NRG~1\AppData\Local\Temp, prefix = nsd	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe	type = size	1	Fn
Get Info	C:\Users	type = file_attributes	3	Fn
Get Info	C:\Users\5P5NRG~1	type = file_attributes	3	Fn
Get Info	C:\Users\5P5NRG~1\AppData	type = file_attributes	3	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local	type = file_attributes	3	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp	type = file_attributes	3	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp\InAppPickerConfirmationControl.xbf	type = file_attributes	2	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp\Animate_loop.64.png	type = file_attributes	2	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp\config.def	type = file_attributes	2	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp\Rhizome	type = file_attributes	2	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp\carls.dll	type = file_attributes	2	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\System.dll	type = file_attributes	1	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\System.dll	type = file_attributes	4	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\Splash.dll	type = file_attributes	1	Fn
Get Info	C:\	type = file_attributes	1	Fn
Get Info	STD_INPUT_HANDLE	type = file_type	1	Fn
Get Info	STD_OUTPUT_HANDLE	type = file_type	1	Fn
Get Info	STD_ERROR_HANDLE	type = file_type	1	Fn
Get Info	Rhizome	type = size	1	Fn
Get Info	Rhizome	type = size	1	Fn
Open	STD_INPUT_HANDLE	-	1	Fn
Open	STD_OUTPUT_HANDLE	-	1	Fn
Open	STD_ERROR_HANDLE	-	1	Fn
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe	size = 512, size_out = 512	71	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe	size = 32768, size_out = 32768	6	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe	size = 16653, size_out = 16653	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe	size = 4, size_out = 4	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe	size = 16384, size_out = 16384	13	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 4, size_out = 4	8	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 7627, size_out = 7627	1	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 2771, size_out = 2771	1	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 2163, size_out = 2163	1	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 14719, size_out = 14719	1	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16384, size_out = 16384	12	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 5998, size_out = 5998	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe	size = 753, size_out = 753	1	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 5632, size_out = 5632	1	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 11776, size_out = 11776	1	Fn Data
Read	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 4096, size_out = 4096	1	Fn Data
Read	Rhizome	size = 186222, size_out = 186222	1	Fn Data
Read	Rhizome	size = 186222, size_out = 186222	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 32768	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 6871	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\InAppPickerConfirmationControl.xbf	size = 2771	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\Animate_loop.64.png	size = 2163	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 21945	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\config.def	size = 14719	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16153	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16163	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16158	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16165	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16156	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16166	2	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16161	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16170	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 16169	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 26745	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\Rhizome	size = 16384	11	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\Rhizome	size = 5998	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsn9656.tmp	size = 1466	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\carls.dll	size = 16384	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\carls.dll	size = 5632	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\System.dll	size = 11776	1	Fn Data
Write	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\Splash.dll	size = 4096	1	Fn Data
Delete	C:\Users\5P5NRG~1\AppData\Local\Temp\nsx9655.tmp	-	1	Fn
Delete	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp	-	1	Fn

Registry (1)

Operation	Key	Additional Information	Success	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\Software\giFT\giFT	-		1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Windows\system32\nslookup.exe	os_pid = 0x3b0, creation_flags = CREATE_SUSPENDED, CREATE_NO_WINDOW, show_window = SW_HIDE		1	Fn

Thread (2)

Operation	Process	Additional Information	Success	Count	Logfile
Get Context	c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	os_tid = 0x97c		1	Fn
Resume	c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	os_tid = 0x97c		1	Fn

Memory (1222)

Operation	Process	Additional Information	Count	Logfile
Allocate	C:\Windows\system32\nslookup.exe	address = 1635304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1633216	1	Fn
Allocate	C:\Windows\system32\nslookup.exe	address = 1635328, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1633432	1	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 14339141, protection = PAGE_EXECUTE_READWRITE, size = 1633448	1	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 14339141, protection = PAGE_EXECUTE_READ, size = 1633448	1	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998441362, protection = PAGE_EXECUTE_READWRITE, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998441362, protection = PAGE_EXECUTE_READ, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998441205, protection = PAGE_EXECUTE_READWRITE, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998441205, protection = PAGE_EXECUTE_READ, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998200349, protection = PAGE_EXECUTE_READWRITE, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998200349, protection = PAGE_EXECUTE_READ, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998241696, protection = PAGE_EXECUTE_READWRITE, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998241696, protection = PAGE_EXECUTE_READ, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998242016, protection = PAGE_EXECUTE_READWRITE, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1998242016, protection = PAGE_EXECUTE_READ, size = 1630164	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1995771904, protection = PAGE_EXECUTE_READWRITE, size = 1630404	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1995771904, protection = PAGE_EXECUTE_READ, size = 1630404	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1952845824, protection = PAGE_EXECUTE_READWRITE, size = 1630404	10	Fn
Protect	C:\Windows\system32\nslookup.exe	address = 1952845824, protection = PAGE_EXECUTE_READ, size = 1630404	10	Fn
Read	C:\Windows\system32\nslookup.exe	address = 2130567176, size = 4	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998171351, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998163332, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998171559, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443353, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998442456, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998442740, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998442688, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998233754, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998233647, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998442017, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998442779, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998233702, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443389, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443220, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998442810, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443325, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443297, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443029, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441231, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441263, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441279, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441448, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441295, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441311, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441215, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998068237, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441247, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441362, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441205, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998396031, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998441572, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997799436, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998235552, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998215923, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443597, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443400, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443470, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443486, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998386939, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387107, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387404, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387338, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387021, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387267, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387178, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387039, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387144, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387068, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997799432, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998629892, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998132555, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998631255, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998187439, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997965538, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998630134, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997993658, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998099009, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998130265, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998631937, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998631508, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998631559, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998201376, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998631607, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998630356, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998187621, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998133033, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998132979, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998132874, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998632135, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997993266, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998098859, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998202205, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998630086, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998161039, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997994051, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998642154, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998220156, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998632823, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998632242, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998158263, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998158299, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998099078, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998630993, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998643543, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998221457, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998132465, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998646137, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998646083, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940403, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940401, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940347, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997799904, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997799908, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997799920, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997799812, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997799480, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997799660, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997799732, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998003984, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998122176, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997995997, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997999478, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998445849, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997979423, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998121346, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998446855, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998108117, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998004013, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998446427, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997929719, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998122039, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998113829, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997929752, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998390724, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998443926, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997930922, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997930955, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998388148, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998184728, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997971017, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998218645, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998010778, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997980730, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997958037, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998140808, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998449103, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998045490, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998045529, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998139346, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998390526, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998390484, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998178469, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998125730, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998054044, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997986325, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998027871, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998450498, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997983068, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998010077, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998390516, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998067190, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998446771, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998098041, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998115577, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998125457, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998125481, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998000599, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997958204, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998199796, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998390735, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998389322, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998413013, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997982204, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997982648, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998629729, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998629396, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998629448, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998203308, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998202969, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998203450, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998782480, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998782467, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998782468, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865472, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865496, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864024, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865520, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865220, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865544, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865568, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865592, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864776, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865616, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865640, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865664, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864624, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865688, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865716, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865744, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865772, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865796, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865820, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863600, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865848, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865872, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865896, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865920, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865944, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865968, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865992, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866016, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866040, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866064, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866088, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866112, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866136, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866160, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866184, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866208, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866232, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866256, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866280, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866304, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866328, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864900, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866352, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866380, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863112, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865324, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866408, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866432, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865420, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864548, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863376, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864476, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866456, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866480, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866504, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866528, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866552, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866576, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866600, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866628, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864672, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866652, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866676, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866700, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864804, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866724, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865124, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866748, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866772, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866796, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863728, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866820, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866844, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866868, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866892, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866916, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866940, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866964, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997866988, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867012, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864924, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867036, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867060, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867084, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864852, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867108, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867132, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864948, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867156, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867180, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867204, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867228, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867252, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867276, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867300, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867324, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998384979, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867348, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867376, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864300, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867400, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867428, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867452, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867476, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867500, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867524, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867548, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867572, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863164, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867596, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867620, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867644, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864500, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864648, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867668, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867692, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867716, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864252, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867740, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867764, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863472, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867788, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867812, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863496, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864876, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867836, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867860, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867888, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867916, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867940, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867964, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997867992, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863752, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868016, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868040, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864424, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868064, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868088, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868116, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868144, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868168, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868192, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868216, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868240, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868264, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998459356, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868288, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868312, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863776, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868340, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868364, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868388, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868412, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864972, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868440, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868468, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868492, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868516, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868540, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868564, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868588, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868612, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868636, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868664, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868692, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868716, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868744, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868772, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868796, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863056, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864000, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868824, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868848, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868872, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868896, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868920, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868944, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865196, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868968, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864600, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997868992, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864276, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869016, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869040, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863448, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869064, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869088, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869112, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869136, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869160, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869184, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869208, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863952, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869232, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864200, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869256, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864376, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869280, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869304, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869328, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869352, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863904, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864176, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869376, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869400, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869424, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869448, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865372, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869472, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869496, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869520, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869544, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869568, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869596, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869620, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869644, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869668, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865000, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869692, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864524, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869720, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869744, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869768, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863524, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864696, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864328, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869796, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869820, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869844, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865148, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869868, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869892, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869916, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863424, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869940, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869964, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863624, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997869988, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863928, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863832, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870012, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870036, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870060, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870084, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870112, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870140, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863552, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870164, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870188, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870212, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863400, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870236, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870260, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864224, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870284, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870312, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865024, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870336, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870360, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870384, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870408, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870432, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870456, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864352, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870480, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865244, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864400, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870504, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863576, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863880, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864828, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864724, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870532, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870556, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870580, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863136, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864148, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870604, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865100, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864576, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870628, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870652, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870676, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870700, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870724, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870752, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863804, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863248, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870780, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863220, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870804, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870828, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870856, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870880, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870904, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870928, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863300, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863276, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864072, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870952, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997870976, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863856, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871000, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871028, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871056, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871080, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865048, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871108, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871132, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871156, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871180, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871204, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871228, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871252, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871280, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871304, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871328, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871352, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871376, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871400, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871428, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871456, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871484, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871512, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871536, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863348, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864120, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871560, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871588, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871616, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871640, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863976, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871664, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871688, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865300, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863704, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871712, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863324, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871736, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871760, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871784, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871808, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871832, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871860, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871884, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871908, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871932, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871960, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997871988, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872012, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872036, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872060, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872084, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872108, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872132, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872160, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865448, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872188, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872212, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872240, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865396, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872268, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872292, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872320, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872344, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872372, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872396, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872424, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872452, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872480, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872508, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872532, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864096, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865076, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872560, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872588, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872612, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872636, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865348, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872660, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872688, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872712, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872736, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872760, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872784, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872808, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872832, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864048, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872856, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872880, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872904, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865272, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863648, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863084, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872932, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872956, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997872984, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873012, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873468, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873108, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873156, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873180, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873204, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873084, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873036, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873132, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873228, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873060, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873252, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873276, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873300, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873324, size = 1	2	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873348, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873372, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873444, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873396, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873420, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863192, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997863676, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997865172, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864452, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997864748, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998005472, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940189, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998236317, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998143744, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998460258, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998459413, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998460015, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998459447, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998460548, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998149294, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997963079, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998035565, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998422675, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998103381, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998045844, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997941233, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940064, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998146694, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998146759, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873649, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998007888, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998037019, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998475416, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998202934, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998475266, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998475493, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998183262, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998461018, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998147746, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998460614, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998475302, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998475357, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998475571, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998474685, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998476239, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998162975, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997927970, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998070543, size = 1	2	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998171795, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998141409, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998222379, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998010470, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998462784, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997971315, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997968354, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997963776, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997922342, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998717088, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998716944, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997928730, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998479970, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997924021, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998481569, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998385836, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998481665, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997964639, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997964838, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998419879, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998462227, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998462352, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998463780, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998463808, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998483686, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998099229, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998484831, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998485090, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998485364, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998652984, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998023467, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998147471, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998486070, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998234072, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998146091, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998487332, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998116346, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998183995, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998099149, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998396078, size = 1	2	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998448139, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998509108, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998508608, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998403303, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998048077, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998519082, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998142208, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998142288, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998481336, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997964471, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997963929, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998519669, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998520257, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998440717, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998395399, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998521341, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998457909, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998523596, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998398091, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998494607, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998006078, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998184549, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997975234, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998401603, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998402394, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998006086, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998525926, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998525892, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998463639, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998463669, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998527044, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998396104, size = 1	2	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998400456, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997968103, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998462972, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998054807, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997964747, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998007585, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998097151, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998400787, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998096382, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998527602, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998161649, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998527998, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998050211, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998523834, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997996617, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998173113, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998172856, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998448555, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998044571, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998396725, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998202693, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998487386, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998007444, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998171108, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998530287, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998064676, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998180936, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998180722, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998110190, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997964284, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998447969, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998401482, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998196559, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998448081, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998463120, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998103811, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998454783, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998211248, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998403366, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998446888, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998146280, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873497, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998652680, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997970741, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997974936, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998519789, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998519893, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998401619, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998037546, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998141104, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998148181, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998485837, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997923949, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997948405, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998037352, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998182881, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998522496, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998530887, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998487440, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998099417, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998188889, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998179654, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998652688, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998209574, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998532059, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998653027, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998199344, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998475722, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998056858, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998099872, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998036366, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998177086, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998176963, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998044242, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998205824, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998098635, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997973049, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998385200, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940234, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998481147, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998094029, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997926282, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998114369, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998001760, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998001722, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997973793, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998386538, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998020575, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998479840, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998031048, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998398170, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998030041, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998475905, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998398295, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998384991, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998000075, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997987928, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998523160, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998523245, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998005532, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998005556, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998005544, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997873840, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998510746, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998523032, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998531158, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998182062, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998531726, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998099358, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998182818, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998481134, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998481041, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998463598, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998188805, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997968561, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998134732, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997924339, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998462729, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998535868, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998535935, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998536996, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998537287, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998097896, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998116248, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997974528, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998113255, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998523258, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998479304, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998479587, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998005826, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998005588, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998005682, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998142336, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998142448, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998142400, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998396044, size = 1	3	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998189658, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998143179, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997925496, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997929271, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997989865, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997990077, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998482526, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998509231, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998484224, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998484603, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998483341, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998040024, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998484432, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998483830, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998481795, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998484756, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940504, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998007272, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997990499, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998099482, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998532375, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997975873, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998537597, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998039121, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998115972, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997922598, size = 1	2	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997963842, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997922181, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998717056, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998384330, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997968306, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998115936, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998186256, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998042965, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998538580, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998114278, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997979012, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998486331, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998519563, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998144037, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998397872, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998131261, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997971916, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998200349, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997941297, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997963253, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998105178, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998531015, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998531496, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998539815, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998526486, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998526621, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998503267, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998387898, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998107625, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997974805, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997974260, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998150931, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998005199, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998539846, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998117837, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998096656, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998386309, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998066687, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998114254, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998522887, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997962705, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997965314, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998069893, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998150860, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998088701, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998217366, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998493769, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998041108, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998037055, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998465599, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998527341, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998497509, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998201096, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998490456, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998059900, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998501526, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998389311, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998202613, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998158961, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998505395, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997965114, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997926002, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998544866, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998235853, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998195669, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998548533, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998548569, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997927750, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997943140, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997927573, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998010520, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998476485, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998201903, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998201929, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997922768, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997928347, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998485716, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998071598, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998522957, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998071549, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997922712, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997922824, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997962611, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998523213, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997941205, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997964374, size = 1	2	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998548986, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997941826, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940200, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997948838, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997971055, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998526248, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997995927, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998173677, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998058975, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998075922, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998461487, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998103054, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997968548, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997999962, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998033818, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998173750, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998033868, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998173801, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998522647, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998487117, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997965812, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997965997, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998220009, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940544, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940597, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997948784, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997948759, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997940464, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998484077, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998508918, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998507918, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998535653, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998535710, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998044047, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998044182, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998046225, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998536582, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998046493, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998043392, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998534893, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998535430, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998049792, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998049547, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998047317, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998536005, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998043566, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998043657, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998438882, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998397844, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998018356, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997969970, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1997973826, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998044341, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998531471, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998551411, size = 1	1	Fn Data
Read	C:\Windows\system32\nslookup.exe	address = 1998538202, size = 1	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x70800, size = 118	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x70400, size = 150	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x70200, size = 98	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x70600, size = 208	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x70a00, size = 24	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x70c00, size = 92	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x7efde008, size = 4	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x80000, size = 17881	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0xdacc45, size = 1	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0xdacc46, size = 4	1	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x771dcb92, size = 5	10	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x771dcaf5, size = 5	10	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x771a1e1d, size = 5	10	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x771abfa0, size = 5	10	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x771ac0e0, size = 5	10	Fn Data
Write	C:\Windows\system32\nslookup.exe	address = 0x76f51000, size = 1049210	10	Fn
For performance reasons, the remaining 34 entries are omitted. The remaining entries can be found in glog.xml.

Module (109)

Operation	Module	Additional Information	Count	Logfile
Load	C:\Windows\system32\UXTHEME.dll	base_address = 0x745d0000	1	Fn
Load	C:\Windows\system32\USERENV.dll	base_address = 0x74ac0000	1	Fn
Load	C:\Windows\system32\SETUPAPI.dll	base_address = 0x75c00000	1	Fn
Load	C:\Windows\system32\APPHELP.dll	base_address = 0x74a60000	1	Fn
Load	C:\Windows\system32\PROPSYS.dll	base_address = 0x74960000	1	Fn
Load	C:\Windows\system32\DWMAPI.dll	base_address = 0x745b0000	1	Fn
Load	C:\Windows\system32\CRYPTBASE.dll	base_address = 0x74c80000	1	Fn
Load	C:\Windows\system32\OLEACC.dll	base_address = 0x74920000	1	Fn
Load	C:\Windows\system32\CLBCATQ.dll	base_address = 0x752b0000	1	Fn
Load	C:\Windows\system32\NTMARTA.dll	base_address = 0x748f0000	1	Fn
Load	C:\Windows\system32\VERSION.dll	base_address = 0x748e0000	1	Fn
Load	C:\Windows\system32\SHFOLDER.dll	base_address = 0x748d0000	1	Fn
Load	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\System.dll	base_address = 0x74720000	1	Fn
Load	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\System.dll	base_address = 0x74710000	1	Fn
Load	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\Splash.dll	base_address = 0x74720000	1	Fn
Load	C:\Users\5P5NRG~1\AppData\Local\Temp\carls	base_address = 0x74720000	1	Fn
Load	user32	base_address = 0x74f40000	1	Fn
Load	USER32.dll	base_address = 0x0	1	Fn
Load	ADVAPI32.dll	base_address = 0x0	1	Fn
Load	KERNEL32.dll	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	5	Fn
Get Handle	VERSION	base_address = 0x0	1	Fn
Get Handle	SHFOLDER	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\shlwapi.dll	base_address = 0x75340000	1	Fn
Get Handle	c:\windows\syswow64\shell32.dll	base_address = 0x75fd0000	1	Fn
Get Handle	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\System.dll	base_address = 0x0	2	Fn
Get Handle	c:\users\5p5nrg~1\appdata\local\temp\nsd9703.tmp\system.dll	base_address = 0x74710000	3	Fn
Get Handle	C:\Users\5P5NRG~1\AppData\Local\Temp\nsd9703.tmp\Splash.dll	base_address = 0x0	1	Fn
Get Handle	C:\Users\5P5NRG~1\AppData\Local\Temp\carls	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\user32.dll	base_address = 0x74f40000	1	Fn
Get Handle	c:\windows\syswow64\ntdll.dll	base_address = 0x77130000	1	Fn
Get Filename	SHFOLDER	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe, size = 1024	1	Fn
Get Filename	C:\Users\5P5NRG~1\AppData\Local\Temp\carls	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe, size = 260	1	Fn
Get Filename	KERNEL32.dll	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe, size = 256	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\version.dll	function = GetFileVersionInfoA, address_out = 0x748e1ced	1	Fn
Get Address	c:\windows\syswow64\shfolder.dll	function = SHGetFolderPathA, address_out = 0x748d1528	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = 437, address_out = 0x7535bee6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultUILanguage, address_out = 0x76c344ab	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = 680, address_out = 0x760244f5	1	Fn
Get Address	c:\users\5p5nrg~1\appdata\local\temp\nsd9703.tmp\system.dll	function = Alloc, address_out = 0x74721000	1	Fn
Get Address	c:\users\5p5nrg~1\appdata\local\temp\nsd9703.tmp\system.dll	function = Call, address_out = 0x747116db	4	Fn
Get Address	c:\users\5p5nrg~1\appdata\local\temp\nsd9703.tmp\system.dll	function = show, address_out = 0x7472100f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76c34c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexAA, address_out = 0x0	1	Fn
Get Address	c:\users\5p5nrg~1\appdata\local\temp\nsd9703.tmp\system.dll	function = q, address_out = 0x74721090	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	3	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSize, address_out = 0x76c3196e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x76c3588e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76c33ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x76c349d7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxA, address_out = 0x74fafd1e	1	Fn
Get Address	-	function = GetSysColor, ordinal = 0, address_out = 0x18f6dc	1	Fn
Get Address	-	function = MessageBoxExA, ordinal = 0, address_out = 0x18f6dc	1	Fn
Get Address	-	function = ScrollWindow, ordinal = 0, address_out = 0x18f6dc	1	Fn
Get Address	-	function = CryptDecrypt, ordinal = 0, address_out = 0x18f6dc	1	Fn
Get Address	-	function = SwitchToThread, ordinal = 0, address_out = 0x18f6dc	1	Fn
Get Address	-	function = GetCurrentProcessId, ordinal = 0, address_out = 0x18f6dc	1	Fn
Get Address	-	function = SystemTimeToTzSpecificLocalTime, ordinal = 0, address_out = 0x18f6dc	1	Fn
Get Address	-	function = WriteProfileStringA, ordinal = 0, address_out = 0x18f6dc	1	Fn
Get Address	-	function = SetThreadPriorityBoost, ordinal = 0, address_out = 0x18f6dc	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x76c310ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x76c3110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x76c3168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = RtlDecompressBuffer, address_out = 0x771efded	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x76c351a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpiA, address_out = 0x76c33e8e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExpandEnvironmentStringsA, address_out = 0x76c4eb39	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76c31986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = wsprintfA, address_out = 0x74f6ae5f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileA, address_out = 0x76c558e5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsWow64Process, address_out = 0x76c3195e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryA, address_out = 0x76c4b66c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemWow64DirectoryA, address_out = 0x76cb2404	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteProcessMemory, address_out = 0x76c4d9e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateRemoteThread, address_out = 0x76cb416b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAllocEx, address_out = 0x76c4d9b0	1	Fn
Get Address	-	function = CoCreateInstance, ordinal = 0, address_out = 0x18f384	1	Fn
Create Mapping	C:\Windows\system32\ntdll.dll	filename = C:\Windows\system32\ntdll.dll, protection = PAGE_READONLY, SEC_IMAGE, maximum_size = 0	1	Fn
Create Mapping	C:\Windows\system32\ntdll.dll	filename = C:\Windows\system32\ntdll.dll, protection = PAGE_READONLY, SEC_IMAGE, maximum_size = 0	1	Fn
Create Mapping	C:\Windows\system32\wow64cpu.dll	filename = C:\Windows\system32\wow64cpu.dll, protection = PAGE_READONLY, SEC_IMAGE, maximum_size = 0	1	Fn
Create Mapping	-	protection = PAGE_EXECUTE_READWRITE, maximum_size = 1635248	1	Fn
Map	C:\Windows\system32\ntdll.dll	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe, desired_access = FILE_MAP_READ	1	Fn
Map	C:\Windows\system32\ntdll.dll	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe, desired_access = FILE_MAP_READ	1	Fn
Map	C:\Windows\system32\wow64cpu.dll	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe, desired_access = FILE_MAP_READ	1	Fn
Map	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2610000	1	Fn
Map	-	process_name = C:\Windows\system32\nslookup.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x400000	1	Fn

System (74)

Operation	Additional Information	Count	Logfile
Sleep	duration = 1630504 milliseconds (1630.504 seconds)	12	Fn
Get Time	type = Ticks, time = 104005	1	Fn
Get Time	type = Ticks, time = 104021	10	Fn
Get Time	type = Ticks, time = 104130	1	Fn
Get Time	type = Ticks, time = 104146	11	Fn
Get Time	type = Ticks, time = 104161	7	Fn
Get Time	type = Ticks, time = 104177	2	Fn
Get Time	type = Ticks, time = 104193	6	Fn
Get Time	type = Ticks, time = 104239	2	Fn
Get Time	type = Ticks, time = 241177	1	Fn
Get Info	type = Operating System	2	Fn
Get Info	type = System Directory, result_out = C:\Windows\system32	16	Fn
Get Info	type = OS_WOW6432	1	Fn
Get Info	type = Wow64 Directory, result_out = C:\Windows\SysWOW64	1	Fn
Get Info	type = SYSTEM_PROCESS_INFORMATION	1	Fn

Mutex (1)

Operation	Additional Information	Success	Count	Logfile
Create	mutex_name = OpenMetaverseInstaller		1	Fn

Environment (1)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		1	Fn Data

Ini (249)

Operation	Filename	Additional Information	Success	Count	Logfile
Write	Win.ini	section_name = _WriteSippet, key_name = LoseSuspect, data = KeepHalal		249	Fn

Debug (5)

Operation	Process	Additional Information	Success	Count	Logfile
Check for Presence	c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	-		4	Fn
Check for Presence	c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	-		1	Fn

Process #2: nslookup.exe

4205

Information	Value
ID	#2
File Name	c:\windows\syswow64\nslookup.exe
Command Line	"C:\Windows\system32\nslookup.exe"
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:02:57, Reason: Child Process
Unmonitor	End Time: 00:04:05, Reason: Self Terminated
Monitor Duration	00:01:08

OS Process Information

Information	Value
PID	0x3b0
Parent PID	0x978 (c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 90 0x 810 0x 80C 0x 640 0x 648 0x 88C 0x 854 0x 894 0x 788 0x C4 0x 954 0x 900 0x 8EC 0x 90C 0x 8F0 0x 8FC 0x 8E0 0x 8DC 0x 974 0x 890

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
buffer	0x00080000	0x00084FFF	First Execution	-	32-bit	0x000802C7, 0x000844F0, ...			... Region Actions Download Dump
nslookup.exe	0x00DA0000	0x00DBDFFF	Relevant Image	-	32-bit	-			... Region Actions Download Dump

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Count	Logfile
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x70800, size = 118	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x70400, size = 150	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x70200, size = 98	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x70600, size = 208	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x70a00, size = 24	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x70c00, size = 92	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x400000, size = 90112	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x7efde008, size = 4	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x80000, size = 17881	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0xdacc45, size = 1	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0xdacc46, size = 4	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x771dcb92, size = 5	10	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x771dcaf5, size = 5	10	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x771a1e1d, size = 5	10	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x771abfa0, size = 5	10	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x771ac0e0, size = 5	10	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\greencrypt_crypt.exe	0x97c	address = 0x76f51000, size = 1049210	6	Fn Data

Dropped Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\nslookup.exe	96.00 KB	MD5: 5e3830ee3282a53920e00784fec44cfd SHA1: 3e43d4ac8ea7efdf5921ad123f4eabd5648778ab SHA256: 4a35c36f3f41f977fe1f0174d43c8cb9bd25a823b5f2a1970e501d839e1f8276 SSDeep: 1536:bKkZShQ7BWNxTLmCjwcqaz6/A3gA1xZNvlw:bPSC7kzLmCscqZopZNvu	... File Actions Show Properties Download
C:\Users\5P5NRG~1\AppData\Local\Temp\bfc8f96.lnk	991 bytes	MD5: 1a377d3a303f19da3565c1a337315958 SHA1: 0387f7fcc3b43da34bb3dffb4f049af68d347629 SHA256: 1c6f9a6272bc0aeec7f5d24c24f10870e5754565719177c65ca7eb3df1b14d95 SSDeep: 24:83uwNE73WrdRWaI+K92e/+ckDhfr7SEMtZQwZN:87NASd9KbJkDh/q	... File Actions Show Properties Download
\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	386 bytes	MD5: 566f36cf38f3e38d9de611fd58d6d21f SHA1: 424a89357c38378cf1b78c3f602ae3d01337b89f SHA256: 92eda9bb7862b7ec22044d56a96cd5877ae1f479f7a6124796948dd951e0d122 SSDeep: 6:M18iD9eoCFGAU7Xx+3i+LN27h9G3TDhVPHJSpPhsriDGKl1QEVlRMaJxL2kxlvXH:S8iHU3Xqk3nRSYirQEnxHzH	... File Actions Show Properties Download
\\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	64.25 KB	MD5: 329453b7f885d6441a979ba8ea5d9400 SHA1: 23e2e43e678e246f9d87051e247756b25b20d82a SHA256: 9e97566650f5d50ffeba3248eefb001cc49e745ddf30ead60c6074f02bf7dfbe SSDeep: 1536:kOalnj6Fa9lZuENKM+XUqUDkQyzuKKYJgAPD4aZ/c:kOhs0EGUjTy3d1r4QE	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	16.94 MB	MD5: 2fb10a322517f7cbfb3a6cfe3f7ec571 SHA1: f50dbea0bf05e4a4f73abb265fef52fa43db4e07 SHA256: 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4 SSDeep: 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai	... File Actions Show Properties Download
\\?\C:\BOOTSECT.BAK.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	8.25 KB	MD5: 84c709841ae6455a462862f92496a932 SHA1: 2b7d0c2de34a9f3e9e9c84654d9879330c9111a9 SHA256: 79cd57c89fa36f16144e426d779369660127eebd0873ab9628a185c99e259809 SSDeep: 192:I+4ia22nYhvi1mIa7h5Motw+6Y2FT83yqZKm+i19cu32+z/uW1HbLJhF4H:R4iZ2ga1+H9tiOJKmDnXyOLJhFc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.08 KB	MD5: 8b418895b40566aae033aa1eb12601b5 SHA1: 06db007e9901360b5da6c27de3ebae9c3f12fc29 SHA256: 79966a9dd16f5e04bec2caef090ee3936f05dbc2ab945a27e81f7aad775a8ff2 SSDeep: 48:V7AEejlfdMeUQdCaY9Lxr8XGE54gjdhOmy4H:lAEwp1SLNM+4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.67 KB	MD5: 18201c4073cd22992602736b10111aed SHA1: bacef48ffa65ea83d448b9e7ff15148915c468d9 SHA256: d5b03e56139a1a3794bbc49ebe849160c1b49a264d587334de1cede2182806ce SSDeep: 48:7Uy88bdtrVDqX+OgG+SlTDVIvkh3+iBtn5yvXjWRZ:7U74dtrkX+TSDjhui3ovjCZ	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.81 KB	MD5: 94cef0e6f88515372f840d4a89c93369 SHA1: 1ab1503d5f3158673d9c27db0ac0cbb829d00097 SHA256: f7549b8585aa372487a2cc215b88ec16c8b6b9b42e5a46593cce2c99c3b6db0e SSDeep: 48:TnwM8dKoy27iMhqfIF0iKCcPgvEl3MgDQsLN9OFq34CX9ZuzkSJc4H:58dKoWffCc4EV1h9OQTt9F4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.36 KB	MD5: 1cb219b94221ad4e80d3c476e02205b6 SHA1: a4206cda2c07febf45a018f364893b8f556376c5 SHA256: 726a4cdc7a3f531c2a887d8603fa29614d91005593c58bc2164b0e94f298f337 SSDeep: 96:SaSpExYP7lRbrhm7B35WNfqTbVhsBZBdz8fZILr4H:rSpJP7lRbCWNfqF22ILr4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	4.35 KB	MD5: 9a72055111b7d776c6d1a4646edb9b67 SHA1: 0767e2df062bef32ff61b45461eb22b968b5b9b2 SHA256: a5f1806bd44af7c56f0ae448cebcc3b3f8e9562b34410106262171884b01ba96 SSDeep: 96:eZPdDpuEL8V7S4PWV1JwpA7xnjDtiqyvlcz3L9iRLyeYDeGn5Tz4H:on07SEWVEpA7xnh6lKYBnkeGhz4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.61 KB	MD5: f616e3231769d104a8d06bcb6b65de61 SHA1: 0a39eb013b07cb7f37006e0fbdce0d5ee078dffa SHA256: fe9869b0f9f744c2c843ffa949764b8978dce7f2a8f509bc2e7726d06d4435ae SSDeep: 48:VXIZbFa/mljY0LDbp6PS7Q27DQAP7z2VyE9xUgzLNoceDzt4wOSWNpiNQD/n4H:VXI6uljY0LD9D7lX7+DUW5obbOxNgNc0	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.56 KB	MD5: cad08f635822d87500da44810b2b8824 SHA1: e98a55b815e45ddfdd63ef7bb0cd2ef0ebc57583 SHA256: 429555856ba3200cc9453af15fa036ef813a1f0ed1cb0d76e50358efea9ec49b SSDeep: 24:hg5BeCVWAi61DbrpKhTB2J4PzqKj0JoPnjKvYD4TKM+IJggZQHzS8d/Ft3zPWIQc:h6VeafkrJ0J4GE4/+PEOS+//Wn4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.67 KB	MD5: 902fa0d11be677403422be0a253484fc SHA1: 9dd35aff9a60d5e2a9c66310b58365036af1b1a6 SHA256: d95f42bc9f2e83b51fd80cc4954dcb7befff4dd5d1346986b219d3fa2a767751 SSDeep: 48:NIFRrgylv8Y0+/oOnQFHlmQh+nI61KN6NUR0fl4H:NIkyt8YRQhh+I6zWR0fl4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.67 KB	MD5: f0a34224ea1513f5cb071cc76e91e9e7 SHA1: d34ec51cb84edb724b86a035b60d6b49303f1b65 SHA256: d3d6a7485944296828d2daec567a895276f0d7a314c34ba6a163d3e34137dcb2 SSDeep: 24:gbox+AXAN78vDTlM+KFfOLpAW3sWvskWTKIKoJUarqcE+DcWF8k8BEHbD9TqAEan:rULwbW+Bi4dipE+AWudE3ZEB4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.00 KB	MD5: e929da74b6d12579f6f4d5dde1145b64 SHA1: 6e1cd5230cf0c94d40291256e1134fdfd1d507d2 SHA256: fb78160720d812e6ff2f32de67d2ecbd3e538eff82217814ba996c833ed0bbd6 SSDeep: 48:pNWm60D1IV9M/RXHRtCZyjWrje/UXn7NgdEyUoox5KYN4H:jH60Di9auSWvUUX+ZEp4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.55 KB	MD5: 3d7134adc41c5327fece8cad6aff04ec SHA1: 72fe3f3f59e0f67b656426656bc2e0f5648d9808 SHA256: 8895452019c354d4553bf0fabe476c8a65f512a5e9dd5a020dc2d68fdc9003d5 SSDeep: 48:bsnAhJCjmq2n2ip7CoVqrJ5xXw77UHC6h9Jfz/ew6PDbI4YDhBiBXTY4H:bgHjmln/GDrH2GDpR6PDbILBiM4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.44 KB	MD5: 27e60a41b91e80a33d4fb2976e42f02b SHA1: 20d3ba6f16dbdada3dc638b25d20faaed7df06ad SHA256: 48e78f9a9bd128939d8318ebe35c786e1fd58b8844185fc0a5fc1358aa29c0ce SSDeep: 24:J54UUNk/cbD3bfLuUSEQ3xMQC5B1+1dDB/wcsn29ThR61Jtl5TTtJp+eRQExTH:J5tl/obzLSb3jC7IjBsncEtTt7q4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.60 KB	MD5: 250b1bb7eb559874a3045d6f56249206 SHA1: e443ae4088c6e2ce929e27c5c2a2bbfc2fb71078 SHA256: 6ecae99425e937e3dace7cd3fefc28f621d59a10d5f3e738ff48c30fa2a48042 SSDeep: 48:OHG3CX9Jfm8H8VBJDysfqSwYloOY0FW2z4H:gf8bmCqSwYjYKZz4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	9.52 KB	MD5: 512c42914f6efec890a6d4e1e24b0949 SHA1: d611aa10adf498d2390d7e0b137abf2be302ddcf SHA256: 2685aa87ad2a69e0e51315581fcd4ee58ed42a83db9d26c0532d503a5973af0b SSDeep: 192:pGgyyRGU5KKapJ57DAiIVCsw7Qu+u5D0IIyV/Pds/KbCJByK6UB/4H:Y6KKadASsluZ6qtbzK6UB/c	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.81 KB	MD5: 02e6e4b214126967a7ce88f3b206c359 SHA1: 0db212fa9602f8862ff766766dafeb9d6755e247 SHA256: a48d9cbe44430e416d26162334f6e9b5325cb3a32019942003f4b8b9bfe688aa SSDeep: 48:W8JTSyNA7WCBK2NGkoOPgtse8Y8U4w/AzX4gYYdj9W4H:W8JTSyN6WCB7LodSe8Rlw/+4LYPW4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.14 MB	MD5: cff1d4822c906b54137503d8cae506e1 SHA1: 5e6105cc7ed18838c724868421d753b79bb12cb4 SHA256: c3473ccd89aae0c77da86011875c0c9e0893b31001c25caa23950277b0696a5f SSDeep: 49152:zDxL8QBo6Tex4S120ytJyHhgifLUyHLTQxtArnW:zR89j1Jg7c+CrW	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.05 KB	MD5: 0432da1494b076d08eea29cbe2a86ab3 SHA1: cb155d7663296049010a79703bdeb6467440d413 SHA256: 5714492d0684737579cce8db13d39ad73d6ccb804c8fb6f2daabda4d6a6d94ae SSDeep: 48:Cg/uPZQdPFVHvd9hgtf9k/VoJPW26l0fTM1pkfC4H:tNdPnHl9hWOqJPj6kT3C4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.08 KB	MD5: 0e1dd2201a3f74b9ce5679545aa5e0cf SHA1: 973f93069873a3884b62d0e8781ded0a97a2a797 SHA256: 1969dcddab0bb7b62e961d44eaefc59deb1ba4cffc5167fb740e6f7ad1fba557 SSDeep: 48:reg5tTRyXO/+fVoEzuuMUatYGLomHvSyQXOZVy56wJsIF2y4oAH4H:FtTGO/KVqtpLoEvLQ+ZUxJlaoa4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.14 KB	MD5: cbbd1346c1e9f7e787be30d080fed2be SHA1: 1828e72379245ab69b1b8b25704447e9d01922cb SHA256: c370e2e2dc9733ffae9c8efb404deeaf3db5c73bdaacdc1caa3b2fe79acdb184 SSDeep: 24:QTU9pcNwRmwqQ51qm8brD/F4JD+f5n5HdbP1VS2AWQExTH:QoRmwD43d44n5HX4jl4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.66 KB	MD5: 98febb3c8e0a2578256adbb6aa6022fd SHA1: aeaa22532a46ad3511e5646e97846650d9421eea SHA256: efe716e35ed106c6fffbe753ea0fc17c0ded12567e27fd1b803fd41d13120879 SSDeep: 24:/u4qquDGHa1yzuOcXLdwe+Fh/3PJ83LikaPfO9CKFdewWE1zGW9BHSeCQExTH:ANM/uh7dw5/J8b6WIKFdR5GW9EeZ4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.66 KB	MD5: d120691ad3e381e3dc08f25cd386b7aa SHA1: 878a29534a9b140dbbbc0cdd5a956019bce11b05 SHA256: 4247fbfb581b10fd06f8eb5909332b6845036b2e0785cccfda2f319232ee9513 SSDeep: 24:5uZQ+DW3zlxEVGVerA0jOhdKp61G/MpUSEFHNE6zOhq1jZDDq8Smn1OjnsCci29A:QW+ozlx3VeHOhdGMTEfzqMd2nrcx9L4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	5.67 KB	MD5: e107ed840ae64adc673815296f30ae0a SHA1: e79c1202572c6b1ab50987532a34a68e86d241aa SHA256: 6c12cbc56f7571cef1d802f239abab2795bb001adcf6db8adb643c5b4398f555 SSDeep: 96:f+RllsgQxFuFyczgJvxP+lF1Bas41N6qBI5dWj+fcj3fJw4PVb7RiGQya4H:wllsyFNgRx2H+zPy5dWj+MNVlQya4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.06 KB	MD5: adf86ebd356e37875fedb2b568a252d4 SHA1: 04ae93052d4914f2604d86b1a0af9d4aa892381c SHA256: 73a7f2bfde8886c3ba06e892c7d9974b5fe39fbe26b7f09e9ca98f8833d0ba75 SSDeep: 24:3YNvFwYXeDXcHawb2d+0+qoy3KMFS9Ko0Pv6RQExG:oxyDk2d+0+qoy3tSyv6aZ	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	65.86 KB	MD5: 9807b336e9c686459cdd279f46b56437 SHA1: 34a609fd5a43e3d52cb3e59e0f141aaa49e20135 SHA256: 68fe9e60b8d3acd557c36820983c3c6afed3f137c6a84e799b96d9386d7fc310 SSDeep: 1536:wRdVU7/pWtpuNKi0sNwuRzLLaQ5TbcaHdOXt8+i4niYc:4PUj/LCuRbcikXt8v4nk	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.56 KB	MD5: 81a564273e70d18d06717260833f1c49 SHA1: 3af27f1d66d6e9ff0b816f959945a91dd80a7027 SHA256: 2934d49f183e074cfaa6925f87397dc1178eafaf04ea07c1bfe89f83f5d3462a SSDeep: 48:OiYDyARvHpAPkueZSY4VZUyrKVKXAvljy4H:nAt4eZ55VKXiy4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	582.61 KB	MD5: d5282613bb75825bb9586dc0ac038fd0 SHA1: 85a674ebd75fc0f232b3db792ce3489429d1cf5c SHA256: 1b397f87b48400580b0283f1fe26fdffbf6ea92c29736388b76e7616d4cd4136 SSDeep: 12288:XGY5zRehy81BvQfx3kplPqjw6W1cGayu2PsVaRSiTgPkJor8MpFpe+m79inloVAZ:/81+kvyjpW1XlGsR182AZvpiYlx	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	4.42 KB	MD5: c6e4b57ad9a9ba574b68f152ddb5e8bc SHA1: 6921fd781f29beb086f37a30d8ee9296dd6db80d SHA256: 3b423dcd0f3894a1bcb92f4d518dbbe2243fff4a159fc7a33ad10ed911041f1c SSDeep: 96:ywgUWBhfEwiZnBeXNjGk1pmFPTR5dbvuXj/EKaSpK2hyv4H:reXX4eXNjGk1CP3dCsKaSNh64H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	30.61 KB	MD5: 29882576f0e0f94a0706c8ada31f60d5 SHA1: 8d18952e9ee2a1a23d68efe3ef67d6257b36bf7c SHA256: 2abf7a011ba080b3ab888d214a9e91c7e2c95e243720e51081a968c6ee1a395a SSDeep: 768:g5+ppspb9CajHAfVHCnQAJFpI2NVMU4z/MX08c:g5SWcajHLQyfJNVMUFzc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	4.42 KB	MD5: 077c71543102dc27bf0e683e7d088402 SHA1: 95454a2a32f75c57c3971ce0888b7a87996b50e0 SHA256: 894ac8c1576d1f7f226f5695ec4de1a568d750d2aa382456afe791e39ecc8766 SSDeep: 96:ghEBi+CJUMOh3UgwSWYyHG9cTvENcpX8b7D0KdawKL4H:ghCMUMOh3Uge7G8pX8R84H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	6.52 KB	MD5: 7b63cdcd7c06174ff2213432fd892213 SHA1: 96d01dd37f4eb237cf321eb488c858d650a9fdf9 SHA256: 70879de4816454004282446fc3284e1986af410de4142714c264bf665d83777b SSDeep: 192:ycR8UOmNhJSXUY13U7NSQPaHDPe7EqJIxJhy0VE4H:vRfOQhU71EkQCjbqexJfVEc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	16.53 KB	MD5: dd1e982aa45530ea60e16dbee8047f8d SHA1: 331af1e5e07d68224560c359e4edaa27226abea0 SHA256: e6c1939d9a8b92cabf9aac0ad44e93cc40b6545e2a411f9942adb5021a5c6d8c SSDeep: 384:aJ6e4EbQmqtss80ecy2CxR///yhNnX9/4Gw8oL6II1+k2WJeaOkc:N7EbQmqus8bcLCxBXyvR4GIL6IU+k2h1	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	16.71 KB	MD5: ab811806c7379fa3c9c84a05eb394c89 SHA1: b96d6f72d048fcae88134373ab5fd90c5e601279 SHA256: 49e7a52b9bb9d838734d29cff33721618312abced010aa4fef4e741a7fb5e9b1 SSDeep: 384:HJDZfsmmdCIsIxcxhcYciITO0lukwkPrTuTmrSwMofb+Vc:TsbdC+e97gBBfuTmrSw5b+Vc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	8.77 KB	MD5: 441f8ce6f1f4fc4e067bf83c3ef5f5bf SHA1: d710dadb64a6d127763297b86deaf5714fcb0e54 SHA256: 12a8a16165ef70d234045d9a180c6c17eee236b85b76d45a5cdcd6d4fb6b326e SSDeep: 192:A3x4BoOoB+1k52IM3CkPQWFn0YV+ZStomcerJuOS4H:A32qJ01k5uDQWJVO6omcKgc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.27 KB	MD5: fa9b82dd453c37be3066797087333eb5 SHA1: 5a9f137dd1264a1c23d4378a862b09b6af88f21a SHA256: 3fe56ce04831051eca73c71e350a358cc24d61f248937ca37e40587394fd4894 SSDeep: 24:IituBja8AN45SfwGRZeskI76w3TgVo1EVSKkcANiIb/3vV5+7ppWDHLQExDH:tO6aS4GZll2iTy/Hk/T3t8aDHMIH	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.27 KB	MD5: 5d612fff748e052c60e448caa72386a7 SHA1: 0a187523ed5d8dba7162128cea11a22a260b84a2 SHA256: 2b31101b2bb0f20aa5edeb47e4d1a7e7f00c56ad7c77569a0ca2c2185b6873b6 SSDeep: 24:GvNaWVz4lKDmNJRphhqk0StcoFKkPA521p0UhW0DvD6+mQExDH:G1aWVzWIGDhCStco5890DvHVIH	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	4.42 KB	MD5: 6367bee37f48cbd6ce6f8feb7ae665bf SHA1: 161310594529049992828f66eef29350456dfc28 SHA256: 52d92a71416a95bf6e4cb1a2d5c59e608a3aa90f238854fc97e4dec68d64587c SSDeep: 96:x+EXji68p0sGlMbZeB4o3EdkhovdiECHV+PWFdk47kbRS8It4H:sgjMYMbwD3hovdiEGx4BRS8It4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	67.85 MB	MD5: 6b078cbccbab0d5edeaa1d85f11ba58a SHA1: 66820f091ea72f244d2d2019748cbda0b7b9702d SHA256: 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774 SSDeep: 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.88 KB	MD5: 1c86799ddc22c829d5f0437027bb7723 SHA1: 94d322b967464fcd87f414c7789ab4d41986827f SHA256: 19b2e8958cbf3f8e020061034b1b082e2842e2dafa929ab0d61d67b41a0a720e SSDeep: 48:Bc00RpnzmQO7Pipz57vYXQxW2fEauVNITPilICvxNh5IH:Bz0HKlTwzbVCGCv3IH	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	10.25 MB	MD5: 32e96cf918a8e51de49965801cbdffde SHA1: 0667240fdf043f74d793dab31fa09b8306f34b86 SHA256: ed1d540139ea9a3679dd37c89fe4884b2d1bda5a324277fb76eb1e52db232b3c SSDeep: 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+Vnym:MUvTiNhU4L7tZiTnprP0txRshym	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.14 KB	MD5: 164b01d79dc33d7fa1c56d2dc4e23b6b SHA1: b9ebe576b9c012ac929f9a2ee7336fe047e2ca80 SHA256: 27e5540a006920cc3b52cb41a7184d7994bb3d1280724ef8f4b8509a792e22de SSDeep: 48:ZDLljZVZ6s8L4JuJcOkOtjWUOdYOwjvlSqHFh64lrMygn73Sq2a4H:ZpZ/8LqNOkOZWjYOmvltmzGW4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.56 KB	MD5: e6553902fe14d31c860168174ce013dd SHA1: 3342b3de80e82acbb0245a74776f25edd75d541e SHA256: 7fdebdba56748c655c365517673a2f5f102f5bf1930bd09d6e66bd38e8b24032 SSDeep: 24:AVSo98SKtseK7kZc20ifRPmV/TUW6tDn0zwWdYl8o8PwGJ8G+/QExTH:sNesewkZcDJVr4iwWdYl8LLGG+44H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.06 KB	MD5: fb745544763fb8f17f15bc82f1704ced SHA1: fec7268b8f2d69bbb4e62d70a80c02cf074ba03d SHA256: 7616c2b560901f8871cecc2b377a1f1192ec7af0c2d1f3de480485f6185ea0ba SSDeep: 24:sPisibpa1/HxJyLxqviXLmzliPAyq0jt7/4N+Spo5Eg7QExG:sPisibpGxJaso7pt7/e+3RcZ	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.77 KB	MD5: 074125f107bda106f26145f3f7ae8539 SHA1: aadfed0792c1323e8c084858ffb795d26b5be307 SHA256: 2eea8e71071fb7c10bb93dcc1feec88ab000db3222fd66448bcf42c19f1617de SSDeep: 24:9zE//yBgvTl1aBMT+yqfPTO7J6xksimLW8YvBhv9fL+dYvC+H4NPZDLq8cnF0ck/:9wHyeaMqrawksiKWrFiYvCtlcF0cu+4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.49 KB	MD5: 7e0df9aa456f2cb715d6ec227a718a22 SHA1: c93ca71a1994e352c2998be61ea39b3d3f5ca7b6 SHA256: 28ca300ecd1cbd8df3db36a4bc15eeb75ea8a93ae3992127788008caa2a11865 SSDeep: 48:ODjNCQCVHiZQ39XaXPDW4X696oL7fwmdbul0CTJA4H:eNYiCI6C4zwh/q4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.14 KB	MD5: 9b621a87548d883a2cfa70204fc441a2 SHA1: 1d63cbe071de2b440ad7eaf0bb95ee4e41fb0e2a SHA256: 01780cf0ff0254f6919943d9dfbdef2486948895ea80628e5720e094180886a5 SSDeep: 24:UQyWf2PWnA4m/K14iZxjTNr1YA9FO9ljp+xvY1j3ahJTen3xKQExTH:iWMR4n14i/vNRFQljpbpavTm3r4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.66 KB	MD5: 33869e1dc257d447fbba354690c7adcd SHA1: 425dadab83d24ed806cb4f6b5c7a95987814825b SHA256: 229472de549cafb56cfa73de9f1d6d189d60e445f2f5c8f4482ac11657de2cdc SSDeep: 24:kQE8rZHWB7vgYuJRDqseIEBx2U1m+gdCcjoM3793Flj8yBjIEk1ki12QLQ1GJCBn:ko9HW9gYuJ238C1y3vPjIEk1rs1Zq4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.44 KB	MD5: 0a604711d7dfabbd1207f1e6fe2ad5d6 SHA1: 8f122b52370b8dec2ec553b40abcb22419458375 SHA256: 97aa349690fd6f6aaa1e02261890b883d683f9383e3cacda036f79bc9f7aa5cd SSDeep: 24:yXlNwcRD0kPSi6rDDHeYrANfFjtnmOiyGFdNG/UqKDZxXRa6cohuevQyDMG2zhhb:kl+crPFUeYkkMQdyYBVceuzygjhE4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.81 KB	MD5: a5b6c2ef5ed74f337d84dd79dcb2c96f SHA1: 130ed03c9650d06259446840957335271a5d4606 SHA256: bad2e17488454dce2e589f6fb23e7500d58e38e08b04a698a458f9913ec19852 SSDeep: 48:1FzgPSlDGlgpo23no1/QrNI8m3fBBjweCz/1PMFrXL9ffI3V1bAaK8t5FEMwvrC4:/0PS9w23no1aQPrjiAL9I3VRAkDarCgd	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	582.61 KB	MD5: 57667cd3102d43cc71b5d26b3c3fccd5 SHA1: eb4eea55fe95d15f4663fa9ba73ac3e68bd5ddb3 SHA256: c81bfd2bc218a0632f440b6b2863843d259c7c6e4b4d4d7fbc1bf61510118def SSDeep: 12288:eCsXY7P7imu79fe9vkiKw6QDRrIWHms7od3FIsQqv6H2:SI7P2mA9W9nKw6QhIWS3esNd	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	69.80 KB	MD5: c63cb9d978f5a5530e5539bcf86443d5 SHA1: 1696f7317cefe15114a8043081cbbd4d53b5b6c3 SHA256: 39be22832a8fdbf617ff39f78a7ad1ff5794dba45315c76ebe7df35f656a356d SSDeep: 1536:qMcax5rJvldM9BU+i6EBLozNYmEXQNA0US61w1RQD0axl/FLZs:q1axzLM9ViLJozNYsNA0MrYatLq	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	14.88 MB	MD5: 0132354deb06c352353675fce278a129 SHA1: 82f447263c0d4d83d398af15034413083edcbc35 SHA256: 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307 SSDeep: 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.06 KB	MD5: 3707be7ef9ea68bd57866d6f2856cc4e SHA1: 717fe287af407374d65ef1ee234a66f2c192f0d9 SHA256: a9e54c144c605ea98a1f852b5b870f7ff78d15cc00ad229f4cdd00f8009845cc SSDeep: 24:zzEOLEKZsdFEQEcKPiM7RjrzIAjQahIoUyh326rWlBhcQExG:zzv2dFEcKPL1jr3j5Odyh3fr6BhzZ	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	37.05 KB	MD5: b329ddc78e72ac6c9d3f443e2afdd633 SHA1: c190926bc5373c1d8c626f8f001c0f1ef8e0b846 SHA256: 38dfe692b046601869b9d695a5ad7420352053a516b23e6a44ee0e1de75b4b04 SSDeep: 768:AJGGEm6S5O8Qhptr3FbMbq0ghwxtbwu+e7ae2OEOY+XHc:ykSAptBMN00su+eWYEOY+XHc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	26.55 KB	MD5: 4a7f2734713310b2911e9f5a79244244 SHA1: 0fe4819eacbfaf2e4247950fcc08b314a23cbc26 SHA256: 27829d64e0c335612d01ed1cab9fa8b5e4c15155e8b9a2b5c65d71baa69f11a8 SSDeep: 384:Yg4eNGwXI+QVZ5PGty8GCdA/R3QaLDY7eu7LQTsFGFPpJUO6CGQ/+D55BbfeRoZE:YEGw4n5PGw4+/RdLc71PmS5BbfmqSWc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	26.80 KB	MD5: c64a1623727ce61fbd6993f5ae645c88 SHA1: 06b0aebb86817a2a706aa7ebd9cdffc3344cba6d SHA256: 7547803fc247e089b10415a6aae69959f870826bbdddc8a34345b433a6e3f937 SSDeep: 768:ZmKUS0lvKY+wvM6sGRYGGdP26T37M801eGvdGBmWzxc:8KavKY+sFYDP26TrpOdGBTc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	65.86 KB	MD5: 7ec27e7c2690154bae1e04216c22ff44 SHA1: af95191af0c9e45514abbf44f01db0c779b0f6f9 SHA256: 942492ee71975ab697388d64314b03cc2c5799e4163ebcac81af2d676b4ff12a SSDeep: 1536:SBVTzh2bNNFe5qygG1i4PAnL/+ETmqfrF6D6QUl6c:SBr0NWl1LPAPrFW1k	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	5.67 KB	MD5: 071c1b6038d3ad958e750ded7693c20c SHA1: 6bc46c430da0882fe6a196abc168242effb8fc67 SHA256: b1f056f321b789bd43c9b717df7bad9501e30a7f252dd43c9bccbae7193768c4 SSDeep: 96:n+R+NJqDmHfS8uPvK+UHbtAXGBQHzNNy1jTYlFyR4aUYzIGST2QOQyGO/Ybvfqkj:+R0Jq1jvKrLQTNojTY+eQzyKtxwbD84H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.60 KB	MD5: aa1904ef3f872f93776a11ef79e060de SHA1: 149fa988ba3784d86987f900d2cf48ec33e53742 SHA256: 1ed3d79f7deba56338eaff091adee2898e5e8dbf671b6ea4ef9378003ad523a4 SSDeep: 48:Wk7DUN2FwIulk4LzvO3DP+6RobIfOeg4H:Wk7DpjP4PvUDm628tg4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	4.42 KB	MD5: d97af0b44ddc05a073c73294f5022285 SHA1: 3fcd780d0485c59aac4ccb3d934281426e109abc SHA256: f0895f7569fad0691d4cb84d0560ad4a9e98a3bd613adc2b11ce40d20189c3d2 SSDeep: 96:1KUfhPxaM0mKpFFiruJRyzJ4y85iDtqPgjkk3e4H:R2M09pFQruJRyzg5s8PrKe4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.81 KB	MD5: d1b8ae682f9db4ffc7f65df852f58a29 SHA1: 73929d7a903495d45696e7c3e8606db04d220a38 SHA256: 9fae6a0b6ee213868bf3946ba89e99238faa00950009ead1a972045fb2ade0d9 SSDeep: 48:rbBYEQjZSFhFsBCBq1aFXT134v01oWs4H:rbz6IF/UCnT134vz94H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	9.38 KB	MD5: 4c6494c6ce84485353bbe3f18bb0369e SHA1: ea097feaa213d6027fffcbd39cf7864e3ee8ca4b SHA256: 30b04147e40974ee826fdef4b14794ee1cd40a1ffa43a839c1234dc5e80adbb1 SSDeep: 192:FQ9IcvHg8uriZyRsCltUmzd+GzF8KoiSqY6fOw6B4H:FivHFvZe4mMaF3f0Bc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.19 KB	MD5: e78191995fb85f7c89e36be6a8330273 SHA1: 50b041848bdc878bdc253ffe71d31e92c20c7f33 SHA256: 94e68a9c49039f17432f26f8bf0e85fc983aed689b92059d14d12e844f1f0005 SSDeep: 48:BOQROnQAcCJJ4YSKaQbxIdZJaZIv6Nr9a5EHvs4Av75Xe4H:4aTAcCJJ1Sh0xiJa6qTOjk4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.36 KB	MD5: 4975ac5b1757b03296833d4cfa468d62 SHA1: ba44f38a93c7bd10624293834b298243ed4f4810 SHA256: 3cc5322e686da695c76128d42c71eb51a96bde66811574a146fbbfe141c26899 SSDeep: 48:rT5u6FSy3oUHYfcpWEyXGjWNB5F3TxY5nq1zUO+rexY6dKy+VLwp4o0UC7vjftLi:3X7oUH7sE5uf3tCQMWLKzEp4Xf1eO4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.67 KB	MD5: 1866b7749f6f39f449df87f831c7038b SHA1: 5c618483ce887c8b7fcc3094ec9de0e2e03568df SHA256: c77f87971a295a59e6732b12c4d83e0f14d19648b6274c58de719e140c929de6 SSDeep: 48:C4hx6ovdkn/Xpkbk/BCr/1X0f6VznIFxOZ:hDdkxV5Y/jVkFxOZ	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	4.35 KB	MD5: 9ba96ad68adcfd4b8beb263547ad05d1 SHA1: 2032ca59c6526b73090bacfa84cd12999fb5c1ef SHA256: 0499979b35d630f19725021f15394abb91e114e5f965d7958885fab435178edb SSDeep: 96:LcGqjjNbpoN+xuq9C8uqQ8PvXUCcmt5Mb3dMAcJnfoF+0P8Wo6WekR4H:LJ45biHq9PlvZcTdMAKfoF+00W6ekR4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	16.53 KB	MD5: 264991678519e316dec83a121f42a7ba SHA1: 2013d79872c5f2be703a071d5de6490b157306a4 SHA256: a3cffb13e872684a87214723a90700a2e42fcb74b71385aa6ce56b5c962f1ad5 SSDeep: 384:i+PosJKsfGUfVKC+Z6qfVaxV6lSXBNr4hYeIN5VvZ9uWc:r3JKsfRVKC+Z6qfMxCSXBihrIN5Vvc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.66 KB	MD5: 2acf52f5a4d2889e425491f655a99314 SHA1: 6fb6d8944ffb92b7acbbf37cf6bdb0973cc3ab21 SHA256: 6979a0cfc78136e1fcd0e36e2a43a96cf08cd6d0fea51e3f02cf32db8eedbeed SSDeep: 24:n2C0BdxL5/KWOOR2e2dy1Jqv/TAh/PgcQyUKvEgbjFUCISL/eG2Y4QExTH:nn0v/KScBy1Ev/TAtNF/vdXISreFE4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.08 KB	MD5: 256035b87fa92829be41a597374a32b0 SHA1: 411b41c5e632de9755c8ffb27f365931f5f3e2c5 SHA256: f96fdbd3e411ffcfc9bc32fe1ccf7899c2e4dcedd457c89ef30d05284e674a0a SSDeep: 48:b5pip3gLHiofu3tf2orDByC7UlXG2StQRjKaL4H:bOgLHJcYwVyC7UxGptOjXL4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	6.52 KB	MD5: fa605d36ec11fd820efb98cdd00237b0 SHA1: ecc1004e23d4d20d9f54395069be70b3c62df0de SHA256: 897593432f3e0dbcaee8d77156c919da3b8bc169ad4b599460709e7cb3cc27ba SSDeep: 96:6QUinDvFb9KfM2khN60/rSKFL0hzoUxPbof0u9LBT2Y8YKGgjsn4i/WYKYArCF+j:DJFbVjNFQhznxIBdFay4+cT84H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.56 KB	MD5: 944825ac3e408e7d2761ceac43583c14 SHA1: 381bc8ab8ab64a45664ccbe29db2e4ac134df6b2 SHA256: 1ea327529c1de855595ffd0613678bbe60c06c0e1c1cd6f54dc495332077e0c4 SSDeep: 24:GP2sxASjuB6vyo3+T3AQ5Kwt6qHltQlKQzzwJZth6w0oK3NZM4A7+Im9DyGogQEJ:GP2mPu0ymNwtdHlvK2xmNZ1RJxS4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.67 KB	MD5: d7a73d00c52b897b8124dda54e6abec2 SHA1: f76f4a682fb93ec5cebad821da968895e78ff8b7 SHA256: 171386b740513909d8de272ec184cd74dce131b05f133e55664c017a015b1fe7 SSDeep: 48:FnIo8rbaaeW+spRRQ3bDUZvzmZ9MOqdvERXkd4H:FIJscRRf7mZ9hqdEKd4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	5.99 KB	MD5: 212624956af3d3fb68b2b1cbca7e3ed4 SHA1: f726be982704a856e393aea242c4c89e527fe6b4 SHA256: 9d218b1579e19504f75d7cd4b9503b39f78d8abeb0136dde614dd1e13d07eb49 SSDeep: 96:NPQNJOctLD2qyp5WLoaUNO2jt3Ygobbrh8VHGX9css1DhriloHYHS424H:NIBZE/O802R3pobfqVHw9JORzHY+4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	16.71 KB	MD5: 947bb2d7b579dafce3133835b24ec451 SHA1: ce4e2f4b92138163667da6f902cf02a646ae7fe4 SHA256: bc5e45262e2599ed0166bb58aabaf94a7a6a20ed9b96d371e102bdb5c09ac72a SSDeep: 192:vwi4xoYKJdnxUi3FUpVWSk0gKapz3UclRrv/9S66s3oiwg09J2gAfafiTl/mWv9a:Y7234rOVPhv/o6/or9YHluWFoQQ1qNc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.48 MB	MD5: 6c97f4711659de81520512316701977d SHA1: 732f8031f91a5d9221b7a75d3d2874ec4d6a191b SHA256: c53fc20b59b862d7d227432d5cc67f41d02ea2fdf259b9717017ac1e3ec29817 SSDeep: 49152:fHYLL/WoWLljb1R6rOSN20yRJ6Nbp2+vi4eLUWADImOgFwe:fqLVW6vhbfqRcDImAe	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.67 KB	MD5: a6ac983a11e4cccd68e0e89418a60095 SHA1: b9f290316579215c756b6697e962679c9fedc6b5 SHA256: cde1257aaaf8b50de71438a6e491cfe3f6f112a876023913dcc9c5aa59cd082d SSDeep: 24:gFwg3g/cVKU3LWqNQIz8WhPWoplB6xmr+zkc9zmuGsWj/otGej/WRz6QExTH:g0/cVPjQRWhzlBMLzYbu/c4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.81 KB	MD5: 53f5c11c7aee4b076ea8ec0feab5cbc7 SHA1: a441b57d3dd93499976ce30698318e64b42db7e0 SHA256: 87a3096d7aa233a48511a179ce1e4789c4e7996d6e7886917fc79208cb6afcf8 SSDeep: 48:6/kYfzJZsDEEJmDv9BYJ/MbJrk2lpshJhPhIG4H:OfLnsjJ0BYJW9kUpsJhpT4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	6.35 KB	MD5: 35020e412bbcc739d0e8388974b34c8d SHA1: df0471d8bf5f20cac5a99cd0a4de1e9b0325bb2f SHA256: e032bfae87371560633e2edd9316a04d601f5c0c0d16bae9709449eeb2111901 SSDeep: 192:DFooagngQ59k1L7w3QOtfW8aNWkU6/aq4H:DRa/Q5YLKTtfDaDaqc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	9.52 KB	MD5: 96c048ef9042a1e59857055e587c5494 SHA1: c6070dd016d6bec847a409ae9eee67225e257d5c SHA256: fee869097ac1297c5508cbd47fd348d5f193c8157e05e0ee7ba247cd44d596e3 SSDeep: 192:zEo93FfQCzqWzMrmT6tJ0vmmZnjlP65Ny/1WJSUUNdmxhr4H:zEo93qCvzMrw6v2vnj8sujrc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.67 KB	MD5: 75276f804a8c350b438e90d37355a6fa SHA1: a4b88be5b567220dfc1c57192e159211b402ff16 SHA256: 29ffc671e41e9c8f14f3eab898218a77ce0cb608ee332940f2c0ab129b85037c SSDeep: 48:JrjvixZwat4PrvVRgdC0YsYlJUzHpGYDmZ:Jrjkwya9RgdC0Ys+6JbDmZ	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	20.35 KB	MD5: d26900fd3ea21665d9203ab14dbdebab SHA1: 7c5fc46d36b09ca3339f3e546ab87eebc65d9a50 SHA256: eb864fd07e5f4b0fc1d098bfd650440fec42e86d091e5cba3d6994ad427d1930 SSDeep: 384:wHKTilLF4tYEVSVVUqC5yUxTl2wzSn8X1iEYkWLU24Rc:nG1WtYVVudLhz0i1i22uc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	8.77 KB	MD5: ed2d23dfe5e348a604fda06d03498122 SHA1: 448b4a0eb8f9d06045f97295edd5ca393f9cd9b6 SHA256: f9fdcc7a117e775d623a0fccf18b438daae550348f07b1ec732b50e686629f23 SSDeep: 192:Ve4yYXA+/dq/o+eM8kqGJ4fkp986Cabq/6w8GfI+xLBYAuqz0m8m14H:rymb+eMQEp989ae5hxaAvS6c	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.61 KB	MD5: a5a0d9536f0f633f952ac98f6e7a7970 SHA1: bbbc8a8ca2d519cbfecae0640d1bc73d2acb6a7d SHA256: 7571849169deb94b271c0740b54fd48c82f7c7269e2f8f02e04450b744b2f3b8 SSDeep: 48:eqLl+gm4a3xxOAVMGt4/3uuM8oyxaLnh6rKQvTnzFvHZ+NeGN65CvMY71mQ4H:TLggm4ajMm0fMYfTnhR+BNTv/4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.00 KB	MD5: be156d65949e7115fc5e2c35896bb52b SHA1: a1220c34c1b01ffa780af0962ff155aec2906a6e SHA256: 13d460b626342a32745c73fecf9bf2b9fcb72eb7f1cd5b8f61a9fcd1092c2a8e SSDeep: 48:8hwx0QJQE1uJ8HS8hbqMiKC04v0Lfd0T6Nf/EiRiG2RvBye4H:JxnJQSEkXhjiKC04v0L10Ti2lBye4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	11.44 KB	MD5: ae26ba7023c1a029e36c66cb6d0b7c1a SHA1: c0bbf3ddf773d442d0d9f8ff449c3607b55ea3e6 SHA256: 27c0b001229d54e526602328c839eb5320caf66fdf4fe166542bb75b22cf5be9 SSDeep: 192:mLbjW7gfveIA2W57+qrN7y4FWxIorzhiSW9Qq+EqT6cT/JQ7GUYWNnpHaD4dUbqc:yfWUHeE4vW4IxIon/W9QIyODnRa8Uqc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	8.96 KB	MD5: a804727c17f3bee811c179112864b7a3 SHA1: 381efc32c4820d05ecf3008ec9c901a4fbae3ed3 SHA256: 08c279710ec15d5298ecac735da55d26bab52e27d9f35decc55594b2fd938941 SSDeep: 192:Y+ySS7qigbgYMlEwG+r7zstWOlc5TaTZlocYMv6vEHWOH1CI2nD4H:YwGqigbg7eSHJP0T/oMv6vE2AAnDc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	42.53 MB	MD5: 4fb6c079967f604d4b8cdf477caf6de0 SHA1: a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63 SHA256: 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f SSDeep: 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	38.35 KB	MD5: e0e06ef411af508da01e3d3fe525aadb SHA1: 6e614dd124a4814837c38b8b1c307b7061613f14 SHA256: b1f5ce123a68b81257d49e8d122927de7764f1e992dbd10a1d17fa8cae51bc7a SSDeep: 768:7ww0Mrl+DZuRFHHTgYnavNVCUZ+bBnl2Unk5/rsgh0f1KJOfUTc:JJ+DZwsMarbE7nkRt0wOWc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.86 KB	MD5: c56505742e55663e26e7a7827a74d2f2 SHA1: 08bd8420bc5cf4ae9b7b05e3118ea2e2e34a9be7 SHA256: 5f7ac396855b1609d9c98d5bfebcfac53e8031efef5ee88de17104f3952b1958 SSDeep: 48:8FFaEledqeVlrEsnK+uAul2CvdGNRVIy1LyK5Jlvlv5R3SpzqtPXjW5D4H:89wNEsvmsYGNR2uLyKflvvR365D4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	8.61 KB	MD5: 1ca295d71ebe8250ba0e881575820827 SHA1: 1acf839871f1943be7dac77e800532ff3ccb57a0 SHA256: 765e8b3ebd2ea7e4cfdfe5ebb41077da0edb0fc9b57f137287f49465aad06228 SSDeep: 192:7IJKPkK9nFieXtbpKhV1I3lJcHOeGvg3Mlk9JoOimyKsbHL9A+88r4H:79PkKHig1u6JtvCMiToOima6D8rc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.05 KB	MD5: fe7b7751308123ce2d03f710d40fc4e3 SHA1: ea85ad8e6c6f1589d14651ec4fb4aaa545a6d333 SHA256: d533d5152f8c111d7210038503fa04564bb593086580a39703214b069f7bba7d SSDeep: 48:6/nlBdWc36yl//wqiTbg5/XrJwyq0hqVhmAwyyalpIXCggr14H:6tBHh5w3Tc/rJwyFghmu9lpIE4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.13 MB	MD5: 55ae5ed39c9207e33c59beee821a73b3 SHA1: 26e0db682b42b21830e1c89863c3b9cd2d0bcc75 SHA256: 72819eeba2fbfab77424c86ab038568ed2e843ec12f436ace3fa3e0e863831da SSDeep: 24576:ZX8q74jGqBkxE2OodwO6zRPGcR440gb0NlXUGNhKi660ZmuP:V8qmGqumvyDE30gb0NlLT4P	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	222.22 KB	MD5: 5efa8255d2b31113fbe8a5afb9a9f4e2 SHA1: 6fb048aa91fc6832cfeb2c6bd453c33769db0492 SHA256: 781402357db1619eb1f6e44f352a814b091b424e18554fe04918a57207753bfe SSDeep: 6144:abLlnSxRcjDl6aCzpB5F4K+x5iJ8a2MsIH:a30jQlGdPF4Hxhha	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.78 KB	MD5: e0a7a25a9b7a8d771d625f648ec8aabe SHA1: b617e6cd33d5903aac84a33ca53bb2c5ae5161ed SHA256: fcff21e730955dc035ef11305d15dc80551f95165a971248618b07310b979b1f SSDeep: 48:0LW05VIIQDj122e9u+psr6lNaS2Cft/Xpsf4H:0dlmj1je9bEjS2Cfra4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	24.89 KB	MD5: 860161a70cf9a46e69b4ed40c27f6a08 SHA1: 39607e51b6f8ac6002f38d65f4f272fdfc6509fe SHA256: 2f73e36f1806a47236432f3df6a58a95f5353e0595e09148276617b341032a0f SSDeep: 768:v1gBVxusnZRbgbZun/2O4cNDhH2YTPL1c:vYbZSbZun/PtNDljRc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	11.70 MB	MD5: 052b4a3aaf24e1879297e0f1408c7662 SHA1: ccf2d2087988828f8117c27f1ec3ccaf4b5b926d SHA256: 6c23fd16b44e1eefdf52ac7ad99a1fc46a9b4b3e77c6643dd26d1ad79a2d1021 SSDeep: 196608:Vf1gRyjQR9g8YYIcjfXontQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:V1WbR9YY5AJGBZWGRz1kaza0h	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.16 KB	MD5: 5c30ed59ae93797955aceab5701f18d3 SHA1: b14f678a813a2eb595395898b3fbe098ad4c5383 SHA256: bd380495b76aec9eac4f9abe359ca4d7a1cef614c61cb934240b3d5a5dd4cff8 SSDeep: 96:VFEUZ4mRLMwjY4h5nqdPamj4cX58h2uB1GHai/p4H:VFTZ4mewk4hwdkcpUB1hAp4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	19.56 KB	MD5: 281ef18d445a77e15a2b513945e1185e SHA1: 0ee88fe9b9d4893d38299d36abedcca2a2bdcf66 SHA256: 92992146b7a9aabe3cbe848e2b182f7e68e6a0ee1389ec613577ef098d26c676 SSDeep: 384:lS2QVUqS1xZBmYkcoEdwtVRJmUbzNkY5wEO7R1Iu+dPjIrq/RUz6oJjGKe0c:lS3VUqAxaYkiiS42OwEO1r+dP8ARGTer	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	855.25 KB	MD5: 686034e402773fcb32f665a3b2dc8177 SHA1: f6607690704a60be3abc4a6a82191ca4573fb306 SHA256: fc7d1ec24d4910a43cadfd1dbe3e275a7c1bbd0000000b28ab8a985361cc8b1c SSDeep: 24576:1EXYjKAStKbharB1OROae/88VTVvXM5WGj:6YKKbharjOQae88VSWy	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	13.76 MB	MD5: 42ac6eff5aa1dad153cb32ec3d616e43 SHA1: 8d8693b1d4aa27f2f48345e6f2e760c5f205d163 SHA256: b8984acb419b90aab0f7fd9addaa90b10847e75aeaabfde74fc133085adf3455 SSDeep: 196608:Yu6eDsIwHBL4B9lCzT2bOgcDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:WqsIwHNB26gVE7e/7JNMM5RTU+	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	34.35 KB	MD5: a7444a8cf3a8b4650f385a8c759f1862 SHA1: c7aa73294681973fb70fcac1ed736157cdd075cd SHA256: c7f328e5785b85cc8f2b40747b4d45f36dfdeff98415e369919affae9ca326f5 SSDeep: 768:aLt1CX8aJm6j+uoB7JBybLWVEw6PJUutKI2wxF0wmH2KQMZJs3vyXTc:2aDJm6j+1VJMbLmEw6jH2wxlyoysKDc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.03 KB	MD5: 5ad14764f6627e94ba2a17401862e17c SHA1: 71b335d1471bc639c0c900c5805f5f8bdade4a08 SHA256: 668a17938d8f4f84627adbff8b345bfb4c69db72616330b59a48c1e38d14adce SSDeep: 96:KzeuSp9ubStrgbKN4Me83jiCjyI/1KuSt+QZ4H:8ZKuO5Ft3HjPAtnZ4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	20.39 KB	MD5: b4662e2c320905596a56fe152d64930b SHA1: a4f17c7addef532b4aebdce82342f908f14b3eb6 SHA256: 52e342cfda6d530f37017e45ea19a56dac29415586ec6aed8a03252624ff647f SSDeep: 384:8manDIWWtyMYi3ODGItFfOIGYbjOwYNXksGyhakZLbvCY936U5K6SODDBalXl8c:+DoEgODltFfOItboXkUIcCk36U5UODDk	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.77 KB	MD5: aa5ec4d95165f163587a673c0ef8bcd1 SHA1: c3cb8c1f8f4c9458e524861a1a60387b68f10079 SHA256: 72f95c66cf1e537a7652c24fbb3ef45ef3bd1287f93d5c7e57a638ec32ae9c70 SSDeep: 24:rpwtwMiZfAS1U2pW9ap7k8v7ySdEVnXNLRVmV0VExzu3ta7QiLnqx9+YxCi3sQEJ:tLF7V5CVnXNLq0ORGaMiTq6Ij4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	32.49 KB	MD5: c8afe6bafb8b9d988b622498ec997c1c SHA1: 4aac832a5eb11c46018a980ad2a6a393c0396508 SHA256: 0bc7cc49a48a7559570677877e15ccce2fbd56044efe270f0ea7eddac4ee5ea4 SSDeep: 768:j39Zva552zIZrYdIB6dO4TVZB8LHZRBh9gr4vK4HEmSKR4oWLac:j39ZvctZnB6d3c5RzK4Hp5Lc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	27.00 KB	MD5: 4df27b0ecec344421400cf8220dae669 SHA1: 8bffa17b00f197c1a189315e8980acc4774cb23d SHA256: 47fb07224737947bb537a12b531af5373fdc8788d6764c2ccc075a23c0b4db83 SSDeep: 768:iSb2LIIeQ7O1nlw4yBaOAFtTBsl4O8x4qhxSlg80c:iSb2EQKVlw4azgnTSF0c	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.38 KB	MD5: 0f7d4b1fa48374533cfe5a0bef280a8f SHA1: 37a9292d86a6b2051d14d68f0b0ea70fe1bfe93b SHA256: aca20760e97c3bc0bf3dab3f5da786254cc4459f7af8d6d57328021006618f32 SSDeep: 48:vwVCOz9AxLxawRjlyAatEHvnbMlAiCDCgWj4H:vwgwwRj8Aat2vnbMlCDwj4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.64 KB	MD5: 4b79d8162a0c705a64d7c4cb9c80bd18 SHA1: eedfdcf360adc9f1845a4c2f325bb0ecae80e4e2 SHA256: e0233e30275471b7cf6e6089cb1bccad7249818dd2ad6f5afd1b8162b465f949 SSDeep: 96:svI+95gUtk8VxGi+u06m0yOfK05ZOWVb9WY4H:Utxxl+u06mdaOab9n4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	31.33 KB	MD5: 149ed98a7bf21a757ca7cb88fd1b4aaf SHA1: 1ea02c4de22f5cacc014b7cca7c78f3d749ff3b6 SHA256: 4986968bba0486d22e81e2a282724fe7c816e7f396ffbdb7c9e123c96cd2c3ce SSDeep: 768:Pa2gAiuyjOU3WcJQhHeTlHOFZDyl2IcA5PdVeDRNTc:LAtGccHecZjligc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	860.75 KB	MD5: d5d213fb01bd0bb7dbea447ef968d1e6 SHA1: c7307f060b53cb4115a627710fdd4a74caa820f4 SHA256: a3fcc266becff449217f1fb5dc44d2f5477623523eabaca47fae2426d5e068a8 SSDeep: 24576:DPgpWjRTJsi0UihOfg14d0m67fNWVu/XzS1/1wyXlR3E:De+shyA4d0mac0/Aw+5E	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.17 KB	MD5: d5dbf0b8312c2a8c8eda111552fe8697 SHA1: 51e310ac42eeba8b8c8273c2b6d44778a1bf4bba SHA256: e455bbc0e042bed32da75f194b1a55f0d2128d40ad111fd880305f4f9a2422e4 SSDeep: 24:W33c72StyWOxCLWlUVwmDt4CDbpvg8udLVH9ia3NIiNfQExTH:W36WxxIWlkwcxDVgvL3NIiNY4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	32.08 KB	MD5: b1e78963540f6c74675a20471d29476c SHA1: 61d6b8e545d012d417dc6b5a5c43b4badca2e720 SHA256: e2b8a918395d95c83911e2c10732214dabc7274c634b23b69f5fe5eb05535663 SSDeep: 768:+5Fz5plm3srogZD3uS89F1wFYke1ME0qIkeic:eFPNZr6fCGSHic	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	29.47 KB	MD5: fca5ceb8bcef10433e3f904f8e65d883 SHA1: 8954bd30708eba3f3a1f22560f53b016d16ea185 SHA256: 540f2bb0048ed986528bdf5d52d9bccc1bd196231175a5ba53e7d7c387e6df52 SSDeep: 768:CjJ/KPsVY+klq+6fZzTSSJkSmgnjtypGAoUJRZPt2SLbO0Gxvc:N6BTNZWSmDgRpJU35Kvc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.58 KB	MD5: 4452253ac4c05fdd9e0e83a4137f51a4 SHA1: 1e78d26787121ba9bb6257b6b6ee911e148a0e66 SHA256: db0ed7ada8c32fd45833f043d3a3e0753c99565156689cef5ef4496e83dd720c SSDeep: 48:ba5JJV03GQQGtPV2HliDoza+4CZ1qmEkKJGnNAViD4H:u63LQGN+lgoza+4Cmzk5NiG4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	20.14 KB	MD5: 8ce48c318f5c35942b81d9cc9320d1c6 SHA1: b7e5152f4d1b45d8a306656e9615b615f9e05fec SHA256: a251c7e8a250616aa9ac1a28a8066317baa7355bfc7d65af7925af26b7867a9f SSDeep: 384:bd9Qs31QJjmZPsmszPgtOB8Rw+rN/JbTwtKf636j2YPQ5K1eBSafh7c:bd9pFQJgmbg1f9KKvjxPQ5KEBSic	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.24 KB	MD5: 896c6f5487730869a20c0f9d43d0ccd8 SHA1: 13aef64bd5e1708eb24d3892e521476793b1dcdf SHA256: cd5f9999e0ce0bd1624032c7b4c9b61828ab4e0464b033ea3fa371c5e7fc69e3 SSDeep: 48:SYakpfDKn5lmtXWpad5Mi4h3YCLyR0Y8jAbfaRJKymiApfPnC4H:5aktDZt5T4m6j0fJNiEnnC4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	20.84 MB	MD5: 3d0e1f18676626331ffefafe53b18248 SHA1: 80d370bf723a4b00b769c1a7266d63de82280ab0 SHA256: 9ceac29cec7a9772266c3c6ed68bc7f25dcb38c12c388fe9f21e58890e9cf26f SSDeep: 196608:PFNUxdiOm1j3/abCsYwFOSQo2pWDOQs4hW6s63HS:qPmN3/abtYIQoROQ93RS	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.50 KB	MD5: 74b83a5948519d32759c2be863fb7cae SHA1: 2378b692aeb342946fca69ae08d61a0ccdffce4f SHA256: d35bed6929d189703ad6a39a2172464366a00e991c0109f41b9fbe70fac05a45 SSDeep: 24:muJ+EvfVLxx3nHW7dZkNAi3rk1KOF5s3hqoR5diPA/eXkpYPkA5UYfJPQExTH:/Jjvf5m73kJk1KOFOqidi42t5Un4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.50 KB	MD5: e7f9a1c43da57eb3caa0f59a01fb0fa5 SHA1: d65a6880f6c77cde31f97532b9fc3581b89275d2 SHA256: 6d8d489b3a20c2e312f461255f6a048264876072a652564bb59c57e3e76bc57f SSDeep: 24:YdO/Q/mlhxhfnDAxc2/y4auWr0NYN3gmMODQHMRHkGkIa4WRT6s8BQExTH:YYtlZr2/yPuWr0gFnDQHsh3aR8q4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	28.17 KB	MD5: d4c773e68b0994a48e9e002625149498 SHA1: 08a028508be237f3b3715f1e63d222e9e6cf3621 SHA256: 479f49e39d5b0e0e81e4f08edc90d174a32a336bb605cc26c21213b30aae3895 SSDeep: 768:NlOYYmyy6NZ0idzkjjVknkT7nhSfJBTdAc:Nhy1ZjdYjRknqnTc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	4.11 KB	MD5: ee9cd7f3cecc89477ee2e69cafd696e0 SHA1: 766e306495148783eef4d87fa96a00f70cd32c60 SHA256: 03302c97672712dbee8db24d4ef015e13ac917067f8bb0737db067e02f51101f SSDeep: 96:6hUC6X8GZeZdaofZNvVwwapy1foBCSeLJ/OCuyU4H:gU2G6739MpOfE8A4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	32.74 KB	MD5: e79573fba600b5aab7ed42391d7a540f SHA1: df781e1586ec0538649951df6ff54c3a45d72ee1 SHA256: ec18facbbd2e3ed7fc64460279e8cec984d46f48097fdd27011227687e05c48d SSDeep: 768:GFXy7aNPQhMUD3KkTYd1mir89rzZZ5Z5r6NnahP3Mc:SC70a3Rs1mphzZZ5+chvMc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	20.33 KB	MD5: 68e0ef0ccd7feb1e688700d7b63f2c32 SHA1: bce18def4a6faa08a4fd85b782484ea4ca4332e0 SHA256: a6f1a655a07847511602ed6f38e811c83f67c46784fecd603b4ca0586b27588b SSDeep: 384:L1DCbIEccXILMNZPtbj6SkY+P0U7VdcW5QfqAolGhaOwtz959hOmc:LO/Zl6r0UBuW5QfClnOwtz959hOmc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	865.25 KB	MD5: c3d484a6b4126a8d0f3070a83dbd52e7 SHA1: 9f5f89c440301b109360c346272b2f739e474c71 SHA256: db57d58ae24698962045bf3d91360e8954b92044385437deecc5d007cb5ece0d SSDeep: 24576:AqtoJXgW7mJ8zFp88Yls116HS68xErRh4Ovq6x:AlOctYq60x/Ovqw	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.66 KB	MD5: cb613525a783d1c1cd6637bc7482827c SHA1: 91aa6ef3c6be52acc019b9ed018b0a558dbaf192 SHA256: f7189b4c9056e31bf36ee95929dcf4e7d8727c5b397b1b55fcf3e5f566508d66 SSDeep: 48:Gbt+nMXdDPzkKQJJonoQdifL5p5jgVwYrsV4H:UYnMXTQAifLP5jeE4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	24.77 KB	MD5: cc714e2d528996cc86e84e63f51eafa6 SHA1: 05e3d9c02286e43d559cb6c1fd731fc431a317c7 SHA256: 73ec069feff908cdb7296ccea9d49e12ee85af91b70ff6f6f9099335c19d0d5d SSDeep: 384:Fjc4HFRYroexa1D5yZX/QBW0chQyiU5/xuZj/SOYD2LTooHCkCRN6UXfKmf32Icc:h7z0oe6yZPQBW0chzOTSdDyC7RNdFJcc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	31.89 KB	MD5: 934385b3656cd6ecbe41ab3eac6c1707 SHA1: 796060c35c40c838d236896f30e0a2ff6303919a SHA256: 4694b3fbce015003834b74edc2d1eb65b809200aa24b56a53791536db93a50bc SSDeep: 768:cTctmVCwpG2cyq04eLTSqEokGYw54YpV5c:OctYGD5BqEok1w54Yc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.56 KB	MD5: f46b1d278c2ca4302fe1e6d3b4ff9b8a SHA1: 6c80fbe371353a80e1f5b4eb7c21275062c083d6 SHA256: a49f2c99474c5f812d2394ef08e9fc22080e201e28ee62bb0c22f58c2c68e61d SSDeep: 48:mA67iBhTFBdVmuGHbtSKelwjVCMQ/PlVSqY4H:u6ibxM88BHGp4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	26.03 KB	MD5: c4bf1058246b85db8a51aa2866f5662c SHA1: a66c5f968bce89b10c495c6c72709691e07c9ff2 SHA256: d0f64e38c9ca4bb0cef08da483afcc835361948f4689dd504eb238db991e51de SSDeep: 768:Kf76nUiyI/EGW0P4ImfI/ahUWKdamiJwoE50auc:KYygEGWSbmp8damiTE5Ac	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.56 KB	MD5: ee83c690175555e6b1529aeff1c05b75 SHA1: e63f95b2cd57a42fcc78ba364708516b9100a6c1 SHA256: bc92f240b26b6503f8f5628b6ae86e1d10d4104414f6a3bebe6752616b52e13d SSDeep: 48:Z0jI9mhgPyrIAqlcjAAAR6GkMzRciIm4H:Qbgl5AARLk8Km4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	848.75 KB	MD5: bce03758ee088797c6b3a8228189f67b SHA1: d2506685829a5228d79ca9678a5a3ca97348ccd6 SHA256: c593444a30b0ed8f40e78dc43f5bbe02266efd14e59049d2aaf36a39610fdbcb SSDeep: 24576:U3v1tUL5reFgasL4HBUl6hYVmKBVaAfTrJT1hNxo:U/1k5reFDsL4Hel9BVrfJZ3K	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.56 KB	MD5: e48a0bc4bbcd30528238a93eb9c13ef0 SHA1: 7752df6ac9ae6705f50def0de63cb8a6eca1d4a7 SHA256: af5cd34a45532175fb73f69826e5eefcdcdc290ba2e94500b660c08d366826f2 SSDeep: 48:OM/7vgmJq5lzZGrX5qPTzBAtDwXu36R4H:O07vgmJkU7o7lg/3U4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	31.92 KB	MD5: f9b10061e67acb44a0a428423be10001 SHA1: cb8b39621e812d93304547c5a5c29b78a055f013 SHA256: c8f1e4a1e242014cb40d180099f40e021997650829becace169cfedb7b723169 SSDeep: 768:5eCoz8C+i/jphvZcVtw1bigoPXgcAADapc:5eTz8C+YjvZcPwty9Qpc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	853.75 KB	MD5: 35480355e561a58e0231c90645f41879 SHA1: e5f411496a3135911836d212169bdeadf8a67391 SHA256: 1e093792d262499611b2a0f9c07c53b817aa095c56f20d1315d93b8f4db248b8 SSDeep: 24576:SIhglrVGwvsYijQQxI/buOC566bpiDddFre:ClMwvsg9/buOKvuddFre	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.74 KB	MD5: fa359023ecbe92483ff1c9f57f50afbc SHA1: adbff610e1d8b1baf7d60f7f3aa0a22ea58565c5 SHA256: 97425c33e8f41ab570b541c63a6259b0c95409f334c3b1c144df8c1a86486a49 SSDeep: 48:oOq20UasZQH5qZpHo/E1R29EgOnG4Z9el6xqvF2oA1qYSGOyG2JY8bp7sAbloBqM:kbsZvZ0Ea9AnG/6xqs1qHGXBbzeT0Bgv	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	59.55 KB	MD5: 7f31e4a1aacc1ac0813ebb69d2e2605d SHA1: cf7c5aec62eb6c5b14525ee2996ad50ab4f4d52f SHA256: c8c436cdaa11372e750e088cc6e1a54f534925a34549547cfe7d196cede6043e SSDeep: 1536:g6aau7MLcZhsDkpSx489RhUq1y1V6JI0YWKKFfc:g6xuS2h2kC4B36JInWTFk	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.77 KB	MD5: bee9bd8ae31c4f0e1dcd2c0bb7ececbb SHA1: 5640f163e16b016e643051a3509fc47726e17cd0 SHA256: fb7f7a8b10a7549ad040ad192c5e10702eff7f08ed6eaaa569ff52f714253b74 SSDeep: 48:FbrpOGLDi/eM/1wCRjXaqxNNanbtHUqcmn4H:JrpOGLDimm1wiKwap0q5n4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.14 MB	MD5: 7ec6e463ef79aff208d2731e85f908cf SHA1: 4a93c568c27d5b9d2c01fb8834af2fe52af16441 SHA256: f93d1e9a768afd4ceb090ab98435718abb1322eb2fadfb07bbba6cb8a960631d SSDeep: 49152:zDxL8QBo0Tex4S120ytJyJNLpNa23NA33vd:zR89t1BZpAK23fd	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.49 KB	MD5: bfbd6d467ee955860e57e21b4d91962f SHA1: 40c092553c0e171afdb73cc7fcc9e9978785f6b8 SHA256: e95f10b3537ea5e1f09133b74c44640f510683ae567d8b0ff3236022d25a098a SSDeep: 48:/iDfTUHJZ2eg0FpaYQJPpFt8kUjhpiaaqq9HELtBqatLxhINRyZLro4H:/iDfTUpZ9gMktQjSaah9HEj3tfZLro4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.67 KB	MD5: 1de300b53cfa87feb0cda3ef21e6d933 SHA1: 110a60e21b36ea3ef6e9ef18f0904571ff0558ce SHA256: 2fcaa88a74b5c5e7337218f6a55dd8d837715b1ac0f834b5c505baca75e1ec0a SSDeep: 48:o0cIyXVUSGk79Pb/Ffuose0ddXd8vABVgnNZ:ly9L79PbNGe0XX/VQZ	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.03 KB	MD5: 7fbd0b76df9f31d738db5f7305aa8997 SHA1: edd966e73f3922f76371047382f64207f473c24a SHA256: 9b720bdb6bce1eabdf7cbb84f002fa79b3b70867ef175e849f57ff969598a0a7 SSDeep: 24:4V73enLkCeexPga7Ku3qMPJdfI+E9ytlJ6HuhcTS38DQExTH:UWACeMBqi/T6ytlJ6OhaSMU4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	5.99 KB	MD5: 0b2ff944d49892b9237d01c0ab494dad SHA1: d0d2fffc96b54cfa777713545bf465124f756b00 SHA256: 2ef66f46128acaea86ad93c09996d3fde02c7a30dc8bb6b1271f601b4f3ca06c SSDeep: 96:Ib+Cpe//3EW4O1O+A9FW4gkgMtopT+JhZyQZOYkoKZff3vPBRLvWbeZh+/sq6G+S:fCCb/AfW4g9MSchvOYkoKx3JRL+Gho+2	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	6.35 KB	MD5: 58366ac649d2f40484f904c24438f22d SHA1: 2bdbf8182aa4c42c53e79ee30599b57ec4404432 SHA256: 0eaf3d07a67726c99a107cd9e79a59d5a9aad399d2876622099d203a5b65222c SSDeep: 192:tB5vrpoVvvzYhkYHzceBBQQnoew23J6opKPCERnZSl4H:vFs7YhnHIeHQQU23J65PCERGc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.19 KB	MD5: 5ad2a4e64deea392ac3c35a28c0bc430 SHA1: 894e34a94a094c7e3eb4b5c52065d35e892c9ccd SHA256: 42d642209667a47fcd53bf1da16d786d318645e13fa1ff2d3dd040bf28aa1153 SSDeep: 48:XTMgGiCeRS9cd/bpBxx+4QsUGc7o0BjOcobKiOfQNjaY4H:jlVC6S9ktzMA1TOpY4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	26.80 KB	MD5: 7173cf603dddcb2834fdbf0ca895e263 SHA1: 663ce8e1828b9693d15d5c17dc727dc07e3d2d6c SHA256: df1a6a4edbdf8fac800184aaf4ab43f4bc6946cbc93e91c0e1ef010576bbb97d SSDeep: 768:KrKzI/oYlyfJY1xlq9MKF0T62sLl4k2kLY7c:TI/omA+xQmT62sL6UY7c	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	582.61 KB	MD5: 7eaa70e4c41c40acbd323a7aa5faf30f SHA1: 48d84dc8b2dc6c300d35e2eff30426eb24b3d060 SHA256: 34476735e019301d9eeaf3a490ab39d1b7c5800cbfe55f01e7cc042856640738 SSDeep: 12288:wEVKpT66wRRqRAXrtelulnuDGyTG3EXzrBTpF0Y9HgjsSfzK:wEHBZ5+uE6yuEXzrB7os7	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	9.38 KB	MD5: b8c2c4acb353ac781d12c0adc830d5a3 SHA1: ffa3579458a49410e739d99c3b17221f466d7ad7 SHA256: dbfba0063c7ea995e8516097c2304691a7e32e820e4d72ad7837ac93ef7f3d13 SSDeep: 192:T4bl0BBXe10BSUh38G/CVvgMDCttFHodPnJX4H:TMlwBu4SUp8UasgJXc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.06 KB	MD5: 7d38ab9e66363572de4bfb4638984de0 SHA1: 59cacc3b88d6304cee5f68fe0b7b0f3c57de3089 SHA256: f3325d7deb027e52a5e93d60abc2dbbaa70cb13dabb5456a459ff31d8120cc4d SSDeep: 24:pw4P5DFM2WXzviL2YPDAhUDYd7lhPESJHKrQxoRQExG:pw4P5DFMTXzviLjcd70SJq8xlZ	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.81 KB	MD5: 107517b678c1e71f19e42914eb821b31 SHA1: c35c6bb66133dd810a5b4d3737f511b75504e1d3 SHA256: da79fea70685380e54d60bc2bef292b4cf1cea83cd823110e282387dc7277d69 SSDeep: 48:n+vLR8P/n6U66iYc48xixXZPZ/8TuA0O6Fge5Ju/BGK7tCwZeEBy1YxLbPT4H:+vLR8k48xIXZPBppO3lz8afnT4H	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	20.35 KB	MD5: cdcc1958bf862ff8ab60ca71d67f3dc9 SHA1: 63c32b8698b0795bd6656cf6d096e548166251e9 SHA256: 5255cfb75cc6aa9c70760927640e6b600fcead744b3d8534895caa20170ad581 SSDeep: 384:e0cej7zVBlgq3hZbvTDq/LhTAUVZYpLJhbgKOxVIZJfijry4UzsiWc:ePqzFR0hTAUPYc9+ZJfO1FNc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	14.94 KB	MD5: 73236985049f198c8cc14bc114e72316 SHA1: a6ebee4aff3c75885ba66672710956c1250e7e41 SHA256: cc37c443fbdc1fb0229cecb2d7fe9663e5c6319d8cc0062c0387485e7daca011 SSDeep: 384:3u8HB5STA8BU03sIfoWTFMPfukd4GRBMSLDPKbvVNryMkDs:FB6A8BU03BtxMAYvI2Ts	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.15 MB	MD5: c572dd6772a943fa72d0cf9ac58c076b SHA1: 92639cea680e2e1965708f8300f28044953d6fc8 SHA256: 8f01d80d595f29435cab80ad7a939f782381b592df0c02b7029e76b0d653ed61 SSDeep: 49152:zDxL8QBonTex4S120ytJyDBeEkZyX5KKBSH9iQZ/U:zR89K1NezZyX5dB5A/U	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.35 MB	MD5: 6bdd5ae875dde220fac2cba700fd853d SHA1: 544d04a680bc53b04b2e323ee6b5715c1a91b61b SHA256: 00f48fb41c41aa10f7c4c6f995d071bc02c81df0b63444e1bc7e0424ea838c24 SSDeep: 49152:R0opH/cgHa3HRxz+4gsjskX33oFW5NM37JhO:R0op1Har+yjb36V2	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.05 KB	MD5: 56d95c294ee38b2bfd518d940e68bff7 SHA1: 7e9a13eeef00b55485d27f0e453a812f85d36a42 SHA256: e35e3112bf696d5ea7f94012807a858c4c26292682aba04c727d13b4cf1445fd SSDeep: 48:zLycUWma3LB1mTyq6uXgDRcjeYkBdvt4BCHLEcCIqx4H:ycSMPCyuglS4BZtOCrEcs4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.55 KB	MD5: 8c04c596c30ec2221840fb987ba22766 SHA1: 2a6397c3ff981cc4fa104d84d4b5f5c7c7b9d678 SHA256: 7ea80017282b949bc89df2086678bea86b761e7d2a88295fee2c600c7269f91b SSDeep: 48:hOQGoC658hYHQb3T20lICeTNss60rEemiw0obxJF+iQyaNKtT84H:CoCHa63T5lTed6GEebwTbxJF+iQBQT8c	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.08 KB	MD5: c834fa4b1d4659c6eff2a187f65121be SHA1: 2929dfbe19400e108ce22bca9227ee91edd452eb SHA256: 234c4e4b7065f7c826a2e16f5a1d638fce287aa2fb4b4a8f196922fe636b7b6b SSDeep: 48:VHWTfK08mYzKWBL1GzUiYrAVFS+sFauwiW1kpP4Of4H:QrOzM9VHuwiW0P1f4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	1.03 KB	MD5: 51a83900f3cbd687da40631f726b473d SHA1: 5d68f8b305da68bfb31bbe0ef43fb0d6bca74652 SHA256: 9aaad5c87da5283e9a6c1d35e4331cd6dee6b22012bf5ca5881ae52bd43bfdfc SSDeep: 24:1Funre6LLsR8g+Tgep4rk0wKr5MHbGhQExTH:1FIecsR9c74rjOHb54H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	30.61 KB	MD5: 30eb489be6b6d2127ee571b412cb526e SHA1: d95b2903a4b51ecabe779fd046bcab7c4884f8f6 SHA256: a346863c9c5ec49729eab99e6238fb903e639564e9b37b292c657f9cc3923bf4 SSDeep: 768:mqxD3czhRBYV34gugEkZm7HmoVXI6uaWDRGNvjFhUoyPvIrMqsSc:mm4TwIRYZ85JIra48jFhUomEMuc	... File Actions Show Properties Download
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	3.16 MB	MD5: 0142c20f8b6cb31162a54802cf62c647 SHA1: 27fae86c0310062099b3bce9fc08d7b3f0178db1 SHA256: cf6ecebc220d4a14ba11e1973ba0e5c3418b5dfec4cbbd677878ef31b96be718 SSDeep: 49152:zDxL8QBoSTex4S120ytJykk7QwD0UuhBNjio:zR89r1sUuhBNmo	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	898 bytes	MD5: 26d3a92e499fd0babde563767ccbaed9 SHA1: 195f9b2a5ccda0739d5c1b7596fe8079d48d3801 SHA256: 2fd918f6857328a0dfe69da637f524b085e5032eb74674e0718b9bbb57af0d65 SSDeep: 12:t0OEA6hw7/7Et2wam4YhZyoVYYBWYfzmukzuVQYAWqX6RzCEbHaYQEnxHzH:t0EhYImjZyZYBWY7hhJDYfyHaYQExTH	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.13 KB	MD5: 2d832540f8f2b9cb4c7c6fa4459975f3 SHA1: 7d194be25c3698733fc1e126560bf2c4c1ad0ced SHA256: e5d3e77d506387457e0e335977ed306c2a61bad0c4b540adffef70491e18f598 SSDeep: 48:5wVOtZrJSjC5hXtsyXGMUYFmKtxv9pQ4pRafsAkh4H:ht7XtsyXPzFRjv9qIvh4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	2.91 KB	MD5: b04cc0a1dee959702ae22d557aec959d SHA1: a0deb5fc2206eeef17e4537eed3b603d014f8bd3 SHA256: 7c63713e042895f0d54fb1feb76fb3ed9d4877263da1cd57095f0be04451c158 SSDeep: 48:IdLn72xZAj24w+uQbiU728Ba+K03bw9ONhVeRZO0+6q4NSBNqHIEz4OYnypaEV4H:6TeZAj24w8uMBa+K+xSPDqIxHIEzHYnJ	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	42.50 KB	MD5: b6ed3ad14ae63d09bcfd93114d4656d4 SHA1: 9788714db7dcd243db74a414481ab2673140da1c SHA256: a5b992922dcf859830562cd3d12e2acf2eb24f923a8e237e82ddec3552816028 SSDeep: 768:FZne22a2OkqqFO/hZ2g+TmM++3Ct2ld9NRpfodrzZzoUBY3YbF67cAUO/87c:Le2T9hZ2g+TmM++WSHRGvZzlBYoJ6bKc	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	5.25 KB	MD5: 5feb097fcc435cc9fb042ea1e2db1452 SHA1: 6f5bc5e7e2f3c998e9c989fc32363aa1e81a8bd0 SHA256: cab6bdaf3219bd6688ba52b69494920973998c29f21d2dfbd7fd60cd7c814208 SSDeep: 96:boM2zHAzNUV3wOjA/sVoR2jucNxD+qVYspCQacjlTloVh1JD4H:0M2zHAzenVoR2jLjS2LpC7cbm7D4H	... File Actions Show Properties Download
\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	18.63 KB	MD5: 0fabe1f29c41e7a90f1294eeaba57843 SHA1: 44979c2fd623588dcd07e479b42bdb34286706be SHA256: 037345f66813c7055f9bb952b7b483f144ea2fb6de1f40c0b315eb7715181e75 SSDeep: 384:uLfZim9ZGKHUOWRkTmlD69okwxVyrcdnSG1TU31TEUmJH187HjJWw54c:uj4micVpokwxacdnSQTU3e87DsK4c	... File Actions Show Properties Download

Host Behavior

COM (7)

Operation	Class	Interface	Additional Information	Count	Logfile
Create	BackgroundCopyManager	IBackgroundCopyManager	cls_context = CLSCTX_LOCAL_SERVER	2	Fn
Create	00021401-0000-0000-C000-000000000046	000214F9-0000-0000-C000-000000000046	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Execute	BackgroundCopyManager	IBackgroundCopyManager	method_name = CreateJob, display_name = wecutil.exe, new_interface = IBackgroundCopyJob	1	Fn
Execute	BackgroundCopyManager	IBackgroundCopyManager	method_name = CreateJob, display_name = wecutil.exe, new_interface = IBackgroundCopyJob	1	Fn
Execute	BackgroundCopyManager	IBackgroundCopyJob	method_name = AddFile, url = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\greencrypt_crypt.exe, filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Headlights\wecutil.exe	1	Fn
Execute	BackgroundCopyManager	IBackgroundCopyJob	method_name = AddFile, url = C:\Users\5P5NRG~1\AppData\Local\Temp\bfc8f96.lnk, filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wecutil.lnk	1	Fn

File (2760)

Operation	Filename	Additional Information	Count	Logfile
Create	\\?\C:\Boot\BCD	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\BCD.LOG1	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\BCD.LOG2	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\cs-CZ\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\cs-CZ\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\da-DK\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\da-DK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\de-DE\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\de-DE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\el-GR\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\el-GR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\en-US\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\en-US\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\en-US\memtest.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\en-US\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\es-ES\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\es-ES\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\fi-FI\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\fi-FI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\BCD.LOG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\BOOTSTAT.DAT	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\fr-FR\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\fr-FR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\hu-HU\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\hu-HU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\it-IT\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\it-IT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\ja-JP\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\ja-JP\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\ko-KR\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\ko-KR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\memtest.exe	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\memtest.exe	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\nb-NO\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\nb-NO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\nl-NL\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\nl-NL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\pl-PL\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\pl-PL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\pt-BR\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\pt-BR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\pt-PT\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\pt-PT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\ru-RU\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\ru-RU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\sv-SE\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\sv-SE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\tr-TR\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\tr-TR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\zh-CN\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\zh-CN\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\zh-HK\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\zh-HK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\zh-TW\bootmgr.exe.mui	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\zh-TW\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\bootmgr	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\bootmgr	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\hiberfil.sys	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Boot\BOOTSTAT.DAT	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\BOOTSECT.BAK	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\BOOTSECT.BAK	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\BOOTSECT.BAK.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab	desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create Pipe	Anonymous read pipe	size = 0	1	Fn
Create Pipe	Anonymous read pipe	size = 0	1	Fn
Create Pipe	Anonymous read pipe	size = 0	1	Fn
Create Pipe	Anonymous read pipe	size = 0	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Headlights\wecutil.exe	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wecutil.lnk	type = file_attributes	1	Fn
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp\bfc8f96.lnk	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Headlights\wecutil.exe	type = file_attributes	2	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wecutil.lnk	type = file_attributes	2	Fn
Get Info	\\?\C:\Boot\BCD.LOG1	type = size, size_out = 0	1	Fn
Get Info	\\?\C:\Boot\BCD.LOG2	type = size, size_out = 0	1	Fn
Get Info	\\?\C:\Boot\cs-CZ\bootmgr.exe.mui	type = size, size_out = 89168	1	Fn
Get Info	\\?\C:\Boot\cs-CZ\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\cs-CZ\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\da-DK\bootmgr.exe.mui	type = size, size_out = 87616	1	Fn
Get Info	\\?\C:\Boot\da-DK\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\da-DK\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\de-DE\bootmgr.exe.mui	type = size, size_out = 91712	1	Fn
Get Info	\\?\C:\Boot\de-DE\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\de-DE\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\el-GR\bootmgr.exe.mui	type = size, size_out = 94800	1	Fn
Get Info	\\?\C:\Boot\el-GR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\el-GR\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\en-US\bootmgr.exe.mui	type = size, size_out = 85056	1	Fn
Get Info	\\?\C:\Boot\en-US\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\en-US\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\en-US\memtest.exe.mui	type = size, size_out = 43600	1	Fn
Get Info	\\?\C:\Boot\en-US\memtest.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\en-US\memtest.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\es-ES\bootmgr.exe.mui	type = size, size_out = 90192	1	Fn
Get Info	\\?\C:\Boot\es-ES\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\es-ES\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\fi-FI\bootmgr.exe.mui	type = size, size_out = 89152	1	Fn
Get Info	\\?\C:\Boot\fi-FI\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\fi-FI\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\Fonts\chs_boot.ttf	type = size, size_out = 3694080	1	Fn
Get Info	\\?\C:\Boot\Fonts\chs_boot.ttf	type = file_attributes	1	Fn
Get Info	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini	type = size, size_out = 129	1	Fn
Get Info	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini	type = file_attributes	1	Fn
Get Info	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\Fonts\cht_boot.ttf	type = size, size_out = 3876772	1	Fn
Get Info	\\?\C:\Boot\Fonts\cht_boot.ttf	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\Fonts\kor_boot.ttf	type = size, size_out = 2371360	1	Fn
Get Info	\\?\C:\Boot\Fonts\kor_boot.ttf	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\Fonts\wgl4_boot.ttf	type = size, size_out = 47452	1	Fn
Get Info	\\?\C:\Boot\Fonts\wgl4_boot.ttf	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\Fonts\wgl4_boot.ttf.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\fr-FR\bootmgr.exe.mui	type = size, size_out = 93248	1	Fn
Get Info	\\?\C:\Boot\fr-FR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\fr-FR\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\hu-HU\bootmgr.exe.mui	type = size, size_out = 90688	1	Fn
Get Info	\\?\C:\Boot\hu-HU\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\hu-HU\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\it-IT\bootmgr.exe.mui	type = size, size_out = 90704	1	Fn
Get Info	\\?\C:\Boot\it-IT\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\it-IT\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\ja-JP\bootmgr.exe.mui	type = size, size_out = 76352	1	Fn
Get Info	\\?\C:\Boot\ja-JP\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\ja-JP\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\ko-KR\bootmgr.exe.mui	type = size, size_out = 75344	1	Fn
Get Info	\\?\C:\Boot\ko-KR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\ko-KR\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\memtest.exe	type = size, size_out = 485760	1	Fn
Get Info	\\?\C:\Boot\memtest.exe	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\memtest.exe.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\nb-NO\bootmgr.exe.mui	type = size, size_out = 88144	1	Fn
Get Info	\\?\C:\Boot\nb-NO\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\nb-NO\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\nl-NL\bootmgr.exe.mui	type = size, size_out = 90704	1	Fn
Get Info	\\?\C:\Boot\nl-NL\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\nl-NL\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\pl-PL\bootmgr.exe.mui	type = size, size_out = 90704	1	Fn
Get Info	\\?\C:\Boot\pl-PL\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\pl-PL\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\pt-BR\bootmgr.exe.mui	type = size, size_out = 90176	1	Fn
Get Info	\\?\C:\Boot\pt-BR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\pt-BR\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\pt-PT\bootmgr.exe.mui	type = size, size_out = 89664	1	Fn
Get Info	\\?\C:\Boot\pt-PT\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\pt-PT\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\ru-RU\bootmgr.exe.mui	type = size, size_out = 90192	1	Fn
Get Info	\\?\C:\Boot\ru-RU\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\ru-RU\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\sv-SE\bootmgr.exe.mui	type = size, size_out = 87616	1	Fn
Get Info	\\?\C:\Boot\sv-SE\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\sv-SE\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\tr-TR\bootmgr.exe.mui	type = size, size_out = 87104	1	Fn
Get Info	\\?\C:\Boot\tr-TR\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\tr-TR\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\zh-CN\bootmgr.exe.mui	type = size, size_out = 70720	1	Fn
Get Info	\\?\C:\Boot\zh-CN\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\zh-CN\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\zh-HK\bootmgr.exe.mui	type = size, size_out = 70224	1	Fn
Get Info	\\?\C:\Boot\zh-HK\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\zh-HK\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\zh-TW\bootmgr.exe.mui	type = size, size_out = 70208	1	Fn
Get Info	\\?\C:\Boot\zh-TW\bootmgr.exe.mui	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\zh-TW\bootmgr.exe.mui.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\bootmgr	type = size, size_out = 383786	1	Fn
Get Info	\\?\C:\bootmgr	type = file_attributes	1	Fn
Get Info	\\?\C:\bootmgr.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\BOOTSTAT.DAT	type = size, size_out = 65536	1	Fn
Get Info	\\?\C:\Boot\BOOTSTAT.DAT	type = file_attributes	1	Fn
Get Info	\\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = size, size_out = 1984228	1	Fn
Get Info	\\?\C:\Boot\Fonts\jpn_boot.ttf	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab	type = size, size_out = 16972987	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi	type = size, size_out = 2506240	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml	type = size, size_out = 1565	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\BOOTSECT.BAK	type = size, size_out = 8192	1	Fn
Get Info	\\?\C:\BOOTSECT.BAK	type = file_attributes	1	Fn
Get Info	\\?\C:\BOOTSECT.BAK.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml	type = size, size_out = 2296	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml	type = size, size_out = 1450	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml	type = size, size_out = 1886	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	type = file_attributes	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml	type = size, size_out = 1450	1	Fn
Get Info	\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml	type = file_attributes	1	Fn
Copy	c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\nslookup.exe	source_filename = C:\Windows\SysWOW64\nslookup.exe	1	Fn
Copy	c:\programdata\microsoft\windows\start menu\programs\startup\nslookup.exe	source_filename = C:\Windows\SysWOW64\nslookup.exe	1	Fn
Read	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini	size = 1114368, size_out = 129	1	Fn Data
Read	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	size = 1114368, size_out = 645	1	Fn Data
Write	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 144	1	Fn Data
Write	\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 15072	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 226	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1072	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 226	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1072	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 226	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1696	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 226	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 786690	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 262144	3	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1952	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1360	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 832	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 258	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1568	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2304	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML	size = 928	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1456	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1232	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1856	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	2	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2640	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 596352	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 71248	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 226	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 832	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 258	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 37696	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 26944	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 27200	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 67200	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 5568	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1392	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2368	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 4288	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1616	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 9360	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2000	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML	size = 3200	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1456	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 258	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1888	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 4208	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 16688	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1456	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1888	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML	size = 6432	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1360	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1472	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 816	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 5888	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 16864	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 31104	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1472	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1616	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 6256	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 9504	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML	size = 1456	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML	size = 258	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 20592	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 8736	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2432	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1808	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 11472	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML	size = 8928	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 39024	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2688	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 8576	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1856	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1114368	1	Fn
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 227312	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 69056	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 656	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1584	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 25248	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2992	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 19792	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG	size = 875536	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 34928	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF	size = 2864	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 20640	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1568	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 33024	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1936	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 27408	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2192	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	2	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 3488	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 31840	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2736	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 960	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 32608	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 43280	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 29936	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1376	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 20384	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2048	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1296	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1296	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 28608	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 3968	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 33280	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 20576	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 25120	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 32416	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1360	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 26416	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1360	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 32448	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1360	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 5136	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2560	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 18832	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG	size = 60736	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 33568	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 5184	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	2	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2480	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 19488	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 18416	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1664	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 44864	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1392	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 48128	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1376	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 11584	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 2576	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 37456	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1600	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 21760	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1248	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 16752	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 1440	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 37120	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id[9C354B42-2222].[William_Kidd_2019@protonmail.com].actor	size = 242	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG	size = 1344	1	Fn Data
Write	\\?\C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG	size = 242	1	Fn Data
Delete	\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml	-	1	Fn
For performance reasons, the remaining 1675 entries are omitted. The remaining entries can be found in glog.xml.

Registry (20)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	-	6	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	value_name = Startup, data = 2692672, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	value_name = Startup, data = 2692736, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ	2	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	value_name = Common Startup, data = 196, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	value_name = Common Startup, data = 2708144, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	value_name = Common Startup, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ	1	Fn
Write Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	value_name = nslookup, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\nslookup.exe, size = 112, type = REG_SZ	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = nslookup, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\nslookup.exe, size = 112, type = REG_SZ	1	Fn

Process (832)

Operation	Process	Additional Information	Count	Logfile
Create	C:\Windows\SysWOW64\nslookup.exe	os_pid = 0x844, show_window = SW_HIDE	1	Fn
Create	C:\Windows\system32\cmd.exe	os_pid = 0x62c, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE	1	Fn
Create	C:\Windows\system32\cmd.exe	os_pid = 0x780, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE	1	Fn
Enumerate Processes	-	-	814	Fn
Enumerate Processes	-	-	14	Fn
Open	c:\windows\explorer.exe	desired_access = PROCESS_QUERY_INFORMATION	1	Fn

Module (39)

Operation	Module	Additional Information	Count	Logfile
Load	ole32	base_address = 0x755e0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	15	Fn
Get Handle	c:\windows\syswow64\advapi32.dll	base_address = 0x74d40000	1	Fn
Get Filename	-	process_name = c:\windows\syswow64\nslookup.exe, file_name_orig = C:\Windows\SysWOW64\nslookup.exe, size = 260	7	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x755fb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75629d0b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650	7	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CreateProcessWithTokenW, address_out = 0x74d8531f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668	1	Fn

System (61)

Operation	Additional Information	Count	Logfile
Get Computer Name	result_out = XDUWTFONO	1	Fn
Sleep	duration = 2030104 milliseconds (2030.104 seconds)	4	Fn
Sleep	duration = 2030224 milliseconds (2030.224 seconds)	1	Fn
Sleep	duration = 5000 milliseconds (5.000 seconds)	1	Fn
Sleep	duration = 1000 milliseconds (1.000 seconds)	34	Fn
Sleep	duration = 500 milliseconds (0.500 seconds)	14	Fn
Get Time	type = System Time, time = 2019-06-21 19:04:46 (UTC)	1	Fn
Get Time	type = Ticks, time = 266870	1	Fn
Get Time	type = Performance Ctr, time = 32947241678	1	Fn
Get Time	type = Ticks, time = 266886	1	Fn
Get Info	type = Operating System	2	Fn

Mutex (74)

Operation	Additional Information	Count	Logfile
Create	mutex_name = Global\22229C354B4200	1	Fn
Create	mutex_name = Global\22229C354B4201	1	Fn
Create	mutex_name = Global\22229C354B4200	1	Fn
Create	mutex_name = Global\22229C354B4200	6	Fn
Create	mutex_name = Global\22229C354B4200	4	Fn
Create	mutex_name = Global\22229C354B4200	2	Fn
Create	mutex_name = Global\22229C354B4200	1	Fn
Create	mutex_name = Global\22229C354B4200	2	Fn
Create	mutex_name = Global\22229C354B4200	3	Fn
Create	mutex_name = Global\22229C354B4200	1	Fn
Create	mutex_name = Global\22229C354B4200	1	Fn
Create	mutex_name = Global\22229C354B4200	1	Fn
Create	mutex_name = Global\22229C354B4200	1	Fn
Open	mutex_name = Global\22229C354B4200, desired_access = SYNCHRONIZE	24	Fn
Open	mutex_name = Global\22229C354B4201, desired_access = SYNCHRONIZE	1	Fn
Release	mutex_name = Global\22229C354B4200	1	Fn
Release	mutex_name = Global\22229C354B4200	1	Fn
Release	mutex_name = Global\22229C354B4200	6	Fn
Release	mutex_name = Global\22229C354B4200	4	Fn
Release	mutex_name = Global\22229C354B4200	2	Fn
Release	mutex_name = Global\22229C354B4200	1	Fn
Release	mutex_name = Global\22229C354B4200	2	Fn
Release	mutex_name = Global\22229C354B4200	3	Fn
Release	mutex_name = Global\22229C354B4200	1	Fn
Release	mutex_name = Global\22229C354B4200	1	Fn
Release	mutex_name = Global\22229C354B4200	1	Fn
Release	mutex_name = Global\22229C354B4200	1	Fn

Environment (1)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		1	Fn Data

Process #4: nslookup.exe

Information	Value
ID	#4
File Name	c:\windows\syswow64\nslookup.exe
Command Line	"C:\Windows\SysWOW64\nslookup.exe"
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:03:30, Reason: Child Process
Unmonitor	End Time: 00:04:03, Reason: Self Terminated
Monitor Duration	00:00:33

OS Process Information

Information	Value
PID	0x844
Parent PID	0x3b0 (c:\windows\syswow64\nslookup.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 848 0x 5F0

Host Behavior

Registry (7)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters	value_name = DNSLookupOrder	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters	value_name = Domain	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters	value_name = DhcpDomain	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters	value_name = SearchList	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters	value_name = DhcpSearchList	1	Fn

Module (1)

Operation	Module	Additional Information	Success	Count	Logfile
Get Handle	c:\windows\syswow64\nslookup.exe	base_address = 0xda0000		1	Fn

System (3)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-21 19:04:47 (UTC)	1	Fn
Get Time	type = Ticks, time = 267978	1	Fn
Get Time	type = Performance Ctr, time = 33059047459	1	Fn

Network Behavior

DNS (1)

Operation	Additional Information	Success	Count	Logfile
Get Hostname	name_out = XDuwTfOno		1	Fn

Process #5: cmd.exe

166

Information	Value
ID	#5
File Name	c:\windows\system32\cmd.exe
Command Line	"C:\Windows\system32\cmd.exe"
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:03:34, Reason: Child Process
Unmonitor	End Time: 00:04:03, Reason: Self Terminated
Monitor Duration	00:00:28

OS Process Information

Information	Value
PID	0x62c
Parent PID	0x3b0 (c:\windows\syswow64\nslookup.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 5A4

Host Behavior

File (114)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp	type = file_attributes	2	Fn
Get Info	STD_OUTPUT_HANDLE	type = file_type	8	Fn
Get Info	STD_INPUT_HANDLE	type = file_type	3	Fn
Open	STD_OUTPUT_HANDLE	-	17	Fn
Open	STD_INPUT_HANDLE	-	41	Fn
Read	STD_INPUT_HANDLE	size = 1, size_out = 1	36	Fn Data
Write	STD_OUTPUT_HANDLE	size = 36	2	Fn Data
Write	STD_OUTPUT_HANDLE	size = 2	3	Fn Data
Write	STD_OUTPUT_HANDLE	size = 63	1	Fn Data
Write	STD_OUTPUT_HANDLE	size = 37	1	Fn Data

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 24, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (2)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Windows\system32\vssadmin.exe	os_pid = 0x320, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn
Get Info	C:\Windows\system32\vssadmin.exe	type = PROCESS_BASIC_INFORMATION		1	Fn

Memory (1)

Operation	Process	Additional Information	Success	Count	Logfile
Read	C:\Windows\system32\vssadmin.exe	address = 8796092887040, size = 896		1	Fn Data

Module (10)

Operation	Module	Additional Information	Count	Logfile
Load	NTDLL.DLL	base_address = 0x76f50000	1	Fn
Get Handle	c:\windows\system32\cmd.exe	base_address = 0x49df0000	1	Fn
Get Handle	c:\windows\system32\kernel32.dll	base_address = 0x76e30000	2	Fn
Get Filename	-	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetThreadUILanguage, address_out = 0x76e46d40	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileExW, address_out = 0x76e423d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76e38290	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x76e417e0	1	Fn
Get Address	c:\windows\system32\ntdll.dll	function = NtQueryInformationProcess, address_out = 0x76fa14a0	1	Fn

System (4)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-21 19:04:51 (UTC)	1	Fn
Get Time	type = Ticks, time = 272128	1	Fn
Get Time	type = Performance Ctr, time = 33531002237	1	Fn
Get Info	type = Operating System	1	Fn

Environment (16)

Operation	Additional Information	Count	Logfile
Get Environment String	-	5	Fn Data
Get Environment String	name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Get Environment String	name = PROMPT, result_out = $P$G	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\5P5NRG~1\AppData\Local\Temp	1	Fn
Set Environment String	name = COPYCMD	1	Fn

Process #6: cmd.exe

188

Information	Value
ID	#6
File Name	c:\windows\system32\cmd.exe
Command Line	"C:\Windows\system32\cmd.exe"
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:03:34, Reason: Child Process
Unmonitor	End Time: 00:04:03, Reason: Self Terminated
Monitor Duration	00:00:28

OS Process Information

Information	Value
PID	0x780
Parent PID	0x3b0 (c:\windows\syswow64\nslookup.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 240

Host Behavior

File (136)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp	type = file_attributes	2	Fn
Get Info	STD_OUTPUT_HANDLE	type = file_type	8	Fn
Get Info	STD_INPUT_HANDLE	type = file_type	3	Fn
Open	STD_OUTPUT_HANDLE	-	17	Fn
Open	STD_INPUT_HANDLE	-	52	Fn
Read	STD_INPUT_HANDLE	size = 1, size_out = 1	47	Fn Data
Write	STD_OUTPUT_HANDLE	size = 36	1	Fn Data
Write	STD_OUTPUT_HANDLE	size = 2	3	Fn Data
Write	STD_OUTPUT_HANDLE	size = 63	1	Fn Data
Write	STD_OUTPUT_HANDLE	size = 37	1	Fn Data
Write	STD_OUTPUT_HANDLE	size = 47	1	Fn Data

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 24, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (2)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Windows\system32\netsh.exe	os_pid = 0x7ac, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn
Get Info	C:\Windows\system32\netsh.exe	type = PROCESS_BASIC_INFORMATION		1	Fn

Memory (1)

Operation	Process	Additional Information	Success	Count	Logfile
Read	C:\Windows\system32\netsh.exe	address = 8796092887040, size = 896		1	Fn Data

Module (10)

Operation	Module	Additional Information	Count	Logfile
Load	NTDLL.DLL	base_address = 0x76f50000	1	Fn
Get Handle	c:\windows\system32\cmd.exe	base_address = 0x49df0000	1	Fn
Get Handle	c:\windows\system32\kernel32.dll	base_address = 0x76e30000	2	Fn
Get Filename	-	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetThreadUILanguage, address_out = 0x76e46d40	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileExW, address_out = 0x76e423d0	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76e38290	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x76e417e0	1	Fn
Get Address	c:\windows\system32\ntdll.dll	function = NtQueryInformationProcess, address_out = 0x76fa14a0	1	Fn

System (4)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-21 19:04:51 (UTC)	1	Fn
Get Time	type = Ticks, time = 272081	1	Fn
Get Time	type = Performance Ctr, time = 33527228088	1	Fn
Get Info	type = Operating System	1	Fn

Environment (16)

Operation	Additional Information	Count	Logfile
Get Environment String	-	5	Fn Data
Get Environment String	name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Get Environment String	name = PROMPT, result_out = $P$G	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\5P5NRG~1\AppData\Local\Temp	1	Fn
Set Environment String	name = COPYCMD	1	Fn

Process #7: vssadmin.exe

Information	Value
ID	#7
File Name	c:\windows\system32\vssadmin.exe
Command Line	vssadmin delete shadows /all /quiet
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:03:35, Reason: Child Process
Unmonitor	End Time: 00:04:03, Reason: Self Terminated
Monitor Duration	00:00:27
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x320
Parent PID	0x62c (c:\windows\system32\cmd.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 7B0 0x 64 0x 7B4 0x 5B8 0x 3D0

Process #8: netsh.exe

Information	Value
ID	#8
File Name	c:\windows\system32\netsh.exe
Command Line	netsh advfirewall set currentprofile state off
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:03:35, Reason: Child Process
Unmonitor	End Time: 00:04:03, Reason: Self Terminated
Monitor Duration	00:00:27

OS Process Information

Information	Value
PID	0x7ac
Parent PID	0x780 (c:\windows\system32\cmd.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 798

Host Behavior

Registry (9)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh	-	1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh	-	1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh	-	1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh	-	1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh	-	1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh	-	1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh	-	1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh	-	1	Fn
Get Key Info	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh	-	1	Fn

Module (19)

Operation	Module	Additional Information	Count	Logfile
Load	RASMONTR.DLL	base_address = 0x7fef43f0000	1	Fn
Load	MSVCRT.DLL	base_address = 0x7fefdad0000	1	Fn
Load	C:\Windows\system32\MFC42LOC.DLL	base_address = 0x0	1	Fn
Load	NSHWFP.DLL	base_address = 0x7fef2940000	1	Fn
Load	DHCPCMONITOR.DLL	base_address = 0x7fef4250000	1	Fn
Load	WSHELPER.DLL	base_address = 0x7fef4220000	1	Fn
Load	NSHHTTP.DLL	base_address = 0x7fef4210000	1	Fn
Load	FWCFG.DLL	base_address = 0x7fef41e0000	1	Fn
Load	AUTHFWCFG.DLL	base_address = 0x7fef28c0000	1	Fn
Get Handle	c:\windows\system32\netsh.exe	base_address = 0x12b0000	2	Fn
Get Filename	-	process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\Windows\system32\MFC42u.dll, size = 260	1	Fn
Get Address	c:\windows\system32\rasmontr.dll	function = InitHelperDll, address_out = 0x7fef440cf70	1	Fn
Get Address	c:\windows\system32\nshwfp.dll	function = InitHelperDll, address_out = 0x7fef29ab6d0	1	Fn
Get Address	c:\windows\system32\dhcpcmonitor.dll	function = InitHelperDll, address_out = 0x7fef4251a40	1	Fn
Get Address	c:\windows\system32\wshelper.dll	function = InitHelperDll, address_out = 0x7fef4221720	1	Fn
Get Address	c:\windows\system32\nshhttp.dll	function = InitHelperDll, address_out = 0x7fef4211c24	1	Fn
Get Address	c:\windows\system32\fwcfg.dll	function = InitHelperDll, address_out = 0x7fef41e2d20	1	Fn
Get Address	c:\windows\system32\authfwcfg.dll	function = InitHelperDll, address_out = 0x7fef28c5d20	1	Fn

System (13)

Operation	Additional Information	Count	Logfile
Get Cursor	x_out = 191, y_out = 337	1	Fn
Get Time	type = System Time, time = 2019-06-21 19:04:52 (UTC)	1	Fn
Get Time	type = Ticks, time = 272377	1	Fn
Get Time	type = Performance Ctr, time = 33585615324	1	Fn
Get Time	type = System Time, time = 2019-06-21 19:04:53 (UTC)	1	Fn
Get Time	type = Ticks, time = 273610	1	Fn
Get Info	type = Operating System	6	Fn
Get Info	type = System Directory, result_out = C:\Windows\system32	1	Fn

Process #9: vssvc.exe

Information	Value
ID	#9
File Name	c:\windows\system32\vssvc.exe
Command Line	C:\Windows\system32\vssvc.exe
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:03:37, Reason: RPC Server
Unmonitor	End Time: 00:04:30, Reason: Terminated by Timeout
Monitor Duration	00:00:53

OS Process Information

Information	Value
PID	0x8a8
Parent PID	0x1cc (c:\windows\system32\services.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	System (Elevated)
Username	NT AUTHORITY\SYSTEM
Enabled Privileges	SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs	0x 8D0 0x 8CC 0x 758 0x 7C8 0x 7A4 0x 83C 0x 914 0x 91C 0x A20

Host Behavior

System (3)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-21 19:04:52 (UTC)	1	Fn
Get Time	type = Ticks, time = 272892	1	Fn
Get Time	type = Performance Ctr, time = 33784844798	1	Fn

Remarks (1/1)

Monitored Processes

Behavior Information - Grouped by Category

Before

After